Description

Unrestricted file upload vulnerability in WordPress 2.5.1 and earlier might allow remote authenticated administrators to upload and execute arbitrary PHP files via the Upload section in the Write Tabs area of the dashboard.

Remediation

References

CVE-2008-2392

Related Vulnerabilities

osCommerce Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-43721)

e107 Other Vulnerability (CVE-2006-2591)

WordPress Plugin WP Fastest Cache Directory Traversal (0.9.1.6)

WordPress Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2007-6318)

W3 Total Cache CVE-2019-6715 Vulnerability (CVE-2019-6715)

Severity

Critical

Classification

CVE-2008-2392 CWE-20

Tags

Missing Update Known Vulnerabilities