|
|
CVE Reference: CVE-2008-5695 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2008-5695 |
|
|
Description: wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manage_options and upload_files capabilities to execute arbitrary code by uploading a PHP script and adding this script's pathname to active_plugins. |
|
|
CVE Status: Candidate |
|
|
References: SREASON http://securityreason.com/securityalert/4798 SAID Secunia Advisory: SA28789 MISC http://www.buayacorp.com/files/wordpress/wp-blog-option-overwrite.txt http://www.buayacorp.com/files/wordpress/wordpress-mu-options-overwrite.html MILW0RM http://www.milw0rm.com/exploits/5066 CONFIRM http://mu.wordpress.org/forums/topic.php?id=7534&page&replies=1 BID 27633 |
|
| Return to the previous page. |
