Download Manager < 3.1.19 - Authenticated (author+) PHP4 File Upload to RCE

The wpdmadminuploadfile AJAX action used a blacklist approach to forbid potential dangerous files, such as PHP, from being uploaded. However, other dangerous extensions, like .php4 were not forbidden. PoC As an author or any account with the uploadfiles capability, attach a .php4 file to a downlo...

CVE-2008-5695

wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manageoptions and uploadfiles capabilities to execute arbitrary code by uploading a PHP script and adding this...