Published: 19/12/2008 Updated: 29/09/2017
CVSS v2 Base Score: 8.5 | Impact Score: 10 | Exploitability Score: 6.8
VMScore: 855
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C

Vulnerability Summary

wp-admin/options.php in WordPress MU prior to 1.3.2, and WordPress 2.3.2 and previous versions, does not properly validate requests to update an option, which allows remote authenticated users with manage_options and upload_files capabilities to execute arbitrary code by uploading a PHP script and adding this script's pathname to active_plugins.
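A defender can audit a site's stored active_plugins value for the kind of entry this issue lets an attacker add. The following is an added example, not code from WordPress or from the advisory. It assumes the option value has been exported from the options table as the PHP-serialized array of plugin-relative paths that WordPress stores; the function names and the sample value are constructed for illustration.

```python
import re

# Constructed sample of an active_plugins value (PHP-serialized array of
# paths relative to wp-content/plugins); the third entry is the kind to flag.
SAMPLE = (b'a:3:{i:0;s:19:"akismet/akismet.php";i:1;s:9:"hello.php";'
          b'i:2;s:30:"../uploads/2008/02/example.php";}')

_HEAD = re.compile(rb'a:(\d+):\{')
_KEY = re.compile(rb'i:\d+;')
_STR = re.compile(rb's:(\d+):"')


def parse_string_array(blob):
    """Parse a PHP-serialized, integer-keyed array of strings."""
    head = _HEAD.match(blob)
    if not head:
        raise ValueError("not a serialized array")
    pos, items = head.end(), []
    for _ in range(int(head.group(1))):
        key = _KEY.match(blob, pos)
        val = _STR.match(blob, key.end()) if key else None
        if not val:
            raise ValueError("expected int key and string value at %d" % pos)
        start, size = val.end(), int(val.group(1))  # size is in bytes
        if blob[start + size:start + size + 2] != b'";':
            raise ValueError("string length mismatch at %d" % start)
        items.append(blob[start:start + size].decode("utf-8", "replace"))
        pos = start + size + 2
    if blob[pos:pos + 1] != b"}":
        raise ValueError("unterminated array")
    return items


def classify(entry):
    """Return why an entry is not a plain plugin-relative path, or None."""
    path = entry.replace("\\", "/")
    if "\x00" in path:
        return "null byte"
    if path.startswith("/") or re.match(r"[A-Za-z]:", path):
        return "absolute path"
    if ".." in path.split("/"):
        return "path traversal segment"
    if not path.lower().endswith(".php"):
        return "not a .php file"
    return None


def audit_active_plugins(blob):
    """List (entry, reason) for every suspicious active_plugins entry."""
    return [(e, r) for e in parse_string_array(blob) if (r := classify(e))]
```

Any finding means an active plugin entry resolves outside the plugins directory and should be investigated together with the file it points to.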

Vendor Advisories

Debian Bug report logs - #510786
CVE-2008-5695: New security issue
Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debian.org>; Source for wordpress is src:wordpress
Reported by: Moritz Muehlenhoff <jmm@debian.org>
Date: Sun, 4 Jan 2009 21:18:01 UTC
Severity: important
Tags ...


<?php
/*
    WordPress [MU] blog's options overwrite

    Credits : Alexander Concha <alex at buayacorp dot com>
    Website : www.buayacorp.com/
    Advisory: www.buayacorp.com/files/wordpress/wordpress-mu-options-overwrite.html

    This exploit uses active_plugins option to execute arbitrary PHP
*/
include_once './class-snoopy.php';

// Fix S ...