WordPress Multiple Vulnerabilities - Nov09 Network Vulnerability

Summary

The host is running WordPress and is prone to multiple vulnerabilities.

Impact

Attackers can exploit this issue to execute arbitrary PHP code by uploading malicious PHP files and to inject arbitrary web script or HTML code which will be executed in a user's browser session Impact Level: System/Application

Solution

Update to Version 2.8.6 http://wordpress.org/download/

Insight

- The 'wp_check_filetype()' function in /wp-includes/functions.php does not properly validate files before uploading them. - Input passed into the 's' parameter in press-this.php is not sanitised before being displayed to the user.

Affected

WordPress version prior to 2.8.6 on all running platform.

References

http://secunia.com/advisories/37332
http://www.openwall.com/lists/oss-security/2009/11/15/2

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-3890, CVE-2009-3891
CVSS Base Score: 6.0
AV:N/AC:M/Au:S/C:P/I:P/A:P

Related Vulnerabilities

Apache CouchDB Cross Site Request Forgery Vulnerability
@Mail 'admin.php' Cross-Site Scripting Vulnerabilities
12Planet Chat Server one2planet.infolet.InfoServlet XSS
123 Flash Chat Multiple Security Vulnerabilities
Advantech WebAccess Multiple Stack Based Buffer Overflow Vulnerabilities

Take action and discover your vulnerabilities