Description

Unrestricted file upload vulnerability in WordPress 2.5.1 and earlier might allow remote authenticated administrators to upload and execute arbitrary PHP files via the Upload section in the Write Tabs area of the dashboard.

Remediation

References

CVE-2008-2392

Related Vulnerabilities

WordPress 4.8.x Denial of Service Vulnerability (4.8 - 4.8.5)

MediaWiki Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2020-35625)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-3848)

Ruby on Rails CVE-2019-5418 Vulnerability (CVE-2019-5418)

WordPress Plugin Nokia Maps & Places Cross-Site Scripting (1.6.6)

Severity

Critical

Classification

CVE-2008-2392 CWE-20

Tags

Missing Update Known Vulnerabilities