WordPress 'wp-admin/options.php' Remote Code Execution Vulnerability Network Vulnerability

Summary

The host is running WordPress and is prone to Remote Code Execution vulnerability.

Impact

Successful exploitation allows remote attackers to execute arbitrary code by uploading a PHP script and adding this script pathname to active_plugins. Impact Level: System/Application

Solution

Upgrade to version 1.3.2 and 2.3.3 or later http://mu.wordpress.org/download/

Insight

The flaw is due to error under 'wp-admin/options.php' file. These can be exploited by using valid user credentials with 'manage_options' and upload_files capabilities.

Affected

WordPress, WordPress prior to 2.3.3 WordPress, WordPress MU prior to 1.3.2

References

http://mu.wordpress.org/forums/topic.php?id=7534&page&replies=1
http://secunia.com/advisories/28789

Updated on 2017-03-28

Severity

Classification

CVE CVE-2008-5695
CVSS Base Score: 8.5
AV:N/AC:M/Au:S/C:C/I:C/A:C

Related Vulnerabilities

Acute Control Panel SQL Injection Vulnerability and Remote File Include Vulnerability
Adobe ColdFusion Components (CFC) Denial Of Service Vulnerability
ApPHP MicroBlog Remote Code Execution Vulnerability
Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
AWStats configdir parameter arbitrary cmd exec

Take action and discover your vulnerabilities