Description

Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.

Remediation

References

CVE-2009-3890

Related Vulnerabilities

WordPress Plugin TAuto Poster includes Backdoor [Only if downloaded via the vendor website] (1.4.5)

Internet Information Services Other Vulnerability (CVE-2000-0884)

Magento Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-7851)

WordPress 4.2.x Arbitrary File Deletion Vulnerability (4.2 - 4.2.20)

WordPress Plugin Registration Forms-User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Cross-Site Scripting (3.0.17)

Severity

Medium

Classification

CVE-2009-3890 CWE-94

Tags

Missing Update Known Vulnerabilities