9

CVE-2008-2392

WordPress Core <= 2.5.1 - Arbitrary File Upload

Unrestricted file upload vulnerability in WordPress 2.5.1 and earlier might allow remote authenticated administrators to upload and execute arbitrary PHP files via the Upload section in the Write Tabs area of the dashboard.
Mögliche Gegenmaßnahme
WordPress: Update to version 2.5.2, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WordpressWordpress Version <= 2.5.1
Weitere Schwachstelleninformationen
SystemWordPress Core
Produkt WordPress
Version *-2.5.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.28% 0.898
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9 8 10
AV:N/AC:L/Au:S/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://securityreason.com/securityalert/3897
Third Party Advisory
http://www.securityfocus.com/archive/1/492230/100/0/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/29276
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/42561
Third Party Advisory
VDB Entry
https://www.wordfence.com/threat-intel/vulnerabilities/id/4fa453f3-d361-452c-940a-108252c9f302
Third Party Advisory