Info

Last Modified

about 1 year ago

Percent Complete

Disclosure

Jun 23, 2007

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

This Entry needs help! It is only 0% Complete. Click the edit link above to add more information.

Contributing is fast and easy, and benefits the entire security community.

Keywords

No Keywords

Description

(Description Provided by CVE) : Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the _wp_attached_file metadata field; and then sending this file's content, along with its post_ID value, to (1) wp-app.php or (2) app.php.

Classification

Unknown or Incomplete

Products

Unknown or Incomplete

References

CVE ID: 2007-3543 (see also: NVD)
Bugtraq ID: 24642
Secunia Advisory ID: 25794
Related OSVDB ID: 37294
Vendor Specific News/Changelog Entry: http://trac.mu.wordpress.org/changeset/1005
Other Advisory URL: http://www.buayacorp.com/files/wordpress/wordpress-advisory.html

Credit

Unknown or Incomplete

Blogs

Provided by Technorati

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

DONATE NOW!

User Status

Account
- Login
- Sign-Up

Quick Searches