Lucene search

[email protected]CVE-2008-5695

HistoryDec 19, 2008 - 6:30 p.m.

CVE-2008-5695

2008-12-1918:30:00

CWE-20

[email protected]

web.nvd.nist.gov

158

cve-2008-5695

wordpress

option update

remote code execution

security vulnerability

7.2 High

AI Score

Confidence

Low

8.5 High

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

0.037 Low

EPSS

Percentile

91.8%

JSON

wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manage_options and upload_files capabilities to execute arbitrary code by uploading a PHP script and adding this script’s pathname to active_plugins.

Affected configurations

NVD

Node

wordpresswordpressRange≤2.3.2

wordpresswordpress_muRange<1.3.2

CPENameOperatorVersion
wordpress:wordpresswordpressle2.3.2
wordpress:wordpress_muwordpress wordpress mult1.3.2

CPE	Name	Operator	Version
wordpress:wordpress	wordpress	le	2.3.2
wordpress:wordpress_mu	wordpress wordpress mu	lt	1.3.2

References

mu.wordpress.org/forums/topic.php?id=7534&page&replies=1

secunia.com/advisories/28789

securityreason.com/securityalert/4798

www.buayacorp.com/files/wordpress/wordpress-mu-options-overwrite.html

www.buayacorp.com/files/wordpress/wp-blog-option-overwrite.txt

www.securityfocus.com/bid/27633

www.exploit-db.com/exploits/5066

7.2 High

AI Score

Confidence

Low

8.5 High

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

0.037 Low

EPSS

Percentile

91.8%

JSON

Related for CVE-2008-5695

prion1 openvas1 debiancve1 cvelist1 nvd1 patchstack1 ubuntucve1