Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.5
CVSSv2

CVE-2008-5695

Published: 19/12/2008 Updated: 21/04/2021
CVSS v2 Base Score: 8.5 | Impact Score: 10 | Exploitability Score: 6.8
VMScore: 855
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
Subscribe to Wordpress

Vulnerability Summary

wp-admin/options.php in WordPress MU prior to 1.3.2, and WordPress 2.3.2 and previous versions, does not properly validate requests to update an option, which allows remote authenticated users with manage_options and upload_files capabilities to execute arbitrary code by uploading a PHP script and adding this script's pathname to active_plugins.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

wordpress wordpress

wordpress wordpress mu

Vendor Advisories

Debian CVElist Bug Report Logs: CVE-2008-5695: New security issue
Debian Bug report logs - #510786 CVE-2008-5695: New security issue Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debianorg>; Source for wordpress is src:wordpress (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Sun, 4 Jan 2009 21:18:01 UTC Severity: important Tags ...

Exploits

Exploit DB: WordPress MU < 1.3.2 - active_plugins option Code Execution
&lt;?php /* WordPress [MU] blog's options overwrite Credits : Alexander Concha &lt;alex at buayacorp dot com&gt; Website : wwwbuayacorpcom/ Advisory: wwwbuayacorpcom/files/wordpress/wordpress-mu-options-overwritehtml This exploit uses active_plugins option to execute arbitrary PHP */ include_once '/class-snoopyphp'; // Fix S ...

References

CWE-20http://www.buayacorp.com/files/wordpress/wp-blog-option-overwrite.txthttp://secunia.com/advisories/28789http://www.buayacorp.com/files/wordpress/wordpress-mu-options-overwrite.htmlhttp://mu.wordpress.org/forums/topic.php?id=7534&page&replies=1http://www.securityfocus.com/bid/27633http://securityreason.com/securityalert/4798https://www.exploit-db.com/exploits/5066https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510786https://nvd.nist.govhttps://www.exploit-db.com/exploits/5066/
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
injectionCVE-2024-30983CVE-2023-4235CVE-2024-21338privilegeencryptionCVE-2023-4232CVE-2024-31497CVE-2024-32341
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook