CVE-2008-5695
CVE-2008-5695
wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manage_options and upload_files capabilities to execute arbitrary code by uploading a PHP script and adding this script's pathname to active_plugins.
Affected products
n/a · n/apublic PoCs found — 1
cve_referencewww.exploit-db.com/exploits/5066unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://mu.wordpress.org/forums/topic.php?id=7534&page&replies=1http://secunia.com/advisories/28789http://securityreason.com/securityalert/4798https://www.exploit-db.com/exploits/5066http://www.buayacorp.com/files/wordpress/wordpress-mu-options-overwrite.htmlhttp://www.buayacorp.com/files/wordpress/wp-blog-option-overwrite.txthttp://www.securityfocus.com/bid/27633