Published: 21/05/2008 Updated: 31/10/2018
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
VMScore: 801
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

Unrestricted file upload vulnerability in WordPress 2.5.1 and previous versions might allow remote authenticated administrators to upload and execute arbitrary PHP files via the Upload section in the Write Tabs area of the dashboard.

Affected Products

Vendor Product Versions

Vendor Advisories

Debian Bug report logs - #485807 wordpress: CVE-2008-2392 Unrestricted file upload vulnerability in WordPress 251 and earlier Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debianorg>; Source for wordpress is src:wordpress (PTS, buildd, popcon) Reported by: Thomas Bläsing <thomasbl@poolmathtu-be ...