Lucene search

K

PRIOn knowledge basePRION:CVE-2009-3890

HistoryNov 17, 2009 - 6:30 p.m.

Unrestricted file upload

2009-11-1718:30:00

PRIOn knowledge base

www.prio-n.com

5

7.7 High

AI Score

Confidence

Low

0.017 Low

EPSS

Percentile

87.7%

Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.

CPENameOperatorVersion
wordpressle2.8.5

References

archives.neohapsis.com/archives/fulldisclosure/2009-11/0142.html

archives.neohapsis.com/archives/fulldisclosure/2009-11/0149.html

archives.neohapsis.com/archives/fulldisclosure/2009-11/0153.html

core.trac.wordpress.org/ticket/11122

secunia.com/advisories/37332

wordpress.org/development/2009/11/wordpress-2-8-6-security-release/

www.openwall.com/lists/oss-security/2009/11/15/2

www.openwall.com/lists/oss-security/2009/11/15/3

www.openwall.com/lists/oss-security/2009/11/16/1

www.osvdb.org/59958

7.7 High

AI Score

Confidence

Low

0.017 Low

EPSS

Percentile

87.7%

Related for PRION:CVE-2009-3890

ubuntucve1 cvelist1 patchstack1 nvd1 cve1 openvas4 debiancve1 nessus1 freebsd1