CVE-2009-3890
CVE-2009-3890
Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/10089unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://archives.neohapsis.com/archives/fulldisclosure/2009-11/0142.htmlhttp://archives.neohapsis.com/archives/fulldisclosure/2009-11/0149.htmlhttp://archives.neohapsis.com/archives/fulldisclosure/2009-11/0153.htmlhttp://core.trac.wordpress.org/ticket/11122http://secunia.com/advisories/37332http://wordpress.org/development/2009/11/wordpress-2-8-6-security-release/http://www.openwall.com/lists/oss-security/2009/11/15/2http://www.openwall.com/lists/oss-security/2009/11/15/3http://www.openwall.com/lists/oss-security/2009/11/16/1http://www.osvdb.org/59958