Unrestricted file upload vulnerability in WordPress 2.5.1 and previous versions might allow remote authenticated administrators to upload and execute arbitrary PHP files via the Upload section in the Write Tabs area of the dashboard.
Debian Bug report logs -
wordpress: CVE-2008-2392 Unrestricted file upload vulnerability in WordPress 251 and earlier
Maintainer for wordpress is Craig Small <csmall@debianorg>; Source for wordpress is src:wordpress (PTS, buildd, popcon)
Reported by: Thomas Bläsing <thomasbl@poolmathtu-be ...