CVE-2008-5695 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2008-5695
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-5695

Description: wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manage_options and upload_files capabilities to execute arbitrary code by uploading a PHP script and adding this script's pathname to active_plugins.

CVE Status: Candidate

References: SREASON http://securityreason.com/securityalert/4798 SAID Secunia Advisory: SA28789 MISC http://www.buayacorp.com/files/wordpress/wp-blog-option-overwrite.txt http://www.buayacorp.com/files/wordpress/wordpress-mu-options-overwrite.html MILW0RM http://www.milw0rm.com/exploits/5066 CONFIRM http://mu.wordpress.org/forums/topic.php?id=7534&page&replies=1 BID 27633

Return to the previous page.