All use of Secunia Advisories is for non-commercial use only. No use is permitted for commercial use. For further information, see the End User License Agreement or contact us. If you are an IT security professional, request a trial of the Secunia VIM.

 
Moderately critical

WordPress Multiple Vulnerabilities

-

Release Date:  2011-05-04    Last Update:  2011-08-22    Views:  10,633

Secunia Advisory SA44409

Where:

Log in with your Secunia community profile. If you are an IT security professional, request a trial of the Secunia VIM.

Impact:

Log in with your Secunia community profile. If you are an IT security professional, request a trial of the Secunia VIM.

Solution Status:

Log in with your Secunia community profile. If you are an IT security professional, request a trial of the Secunia VIM.

Software:

Log in with your Secunia community profile. If you are an IT security professional, request a trial of the Secunia VIM.

CVE Reference(s):

Log in with your Secunia community profile. If you are an IT security professional, request a trial of the Secunia VIM.

Description


A security issue and some vulnerabilities have been reported in WordPress, which can be exploited by malicious users to conduct script insertion attacks and compromise a vulnerable system and by malicious people to disclose sensitive information


Log in with your Secunia community profile to view the full description of this Advisory. If you are an IT security professional, request a trial of the Secunia VIM.

If you are not a member of the Secunia community, you can sign up here for free.

Do you have additional information related to this advisory?

Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com

Subject: WordPress Multiple Vulnerabilities

User Message
aaroncampbell RE: WordPress Arbitrary File Upload Vulnerability
Member 12th May, 2011 08:16
Score: 0
Posts: 2
User Since: 12th May 2011
System Score: N/A
Location: US
Last edited on 12th May, 2011 08:16
Obviously a webserver should not be set to process something like filename.php.gif as php code. However, even if it is WordPress munges all non-whitelisted file extentions. Basically if a file like filename.php.gif is uploaded it is changed to filename.php_.gif on the server, but a file like filename.gif.gif would not be changed because gif is a whitelisted extension. It considers "extensions" to be any dot-separated section of 2-5 characters. There are a long list of whitelisted extensions that aren't affected, but php and phtml are NOT in that list by default (the list can be extended by plugins, but that's not really WordPress). The relevant code was added in WP 2.8 (http://wordpress.org/news/2009/11/wordpress-2-8-6-...) and can be seen here: https://core.trac.wordpress.org/browser/trunk/wp-i...
Was this reply relevant?
+0
-0
aaroncampbell RE: WordPress Arbitrary File Upload Vulnerability
Member 25th May, 2011 22:11
Score: 0
Posts: 2
User Since: 12th May 2011
System Score: N/A
Location: US
It seems that I was incorrect. There were some conditions where the filename did not get properly munged due to an error in the regex. This was fixed in WordPress 3.1.3 - http://wordpress.org/news/2011/05/wordpress-3-1-3/
Download it - http://wordpress.org/download/
Was this reply relevant?
+0
-0

-

You must be logged in to post a comment.