9
CVSSv2

CVE-2008-2392

Published: 21/05/2008 Updated: 31/10/2018
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
VMScore: 801
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

Unrestricted file upload vulnerability in WordPress 2.5.1 and previous versions might allow remote authenticated administrators to upload and execute arbitrary PHP files via the Upload section in the Write Tabs area of the dashboard.

Affected Products

Vendor Product Versions
WordpressWordpress2.5.1

Vendor Advisories

Debian Bug report logs - #485807 wordpress: CVE-2008-2392 Unrestricted file upload vulnerability in WordPress 251 and earlier Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debianorg>; Source for wordpress is src:wordpress (PTS, buildd, popcon) Reported by: Thomas Bläsing <thomasbl@poolmathtu-be ...