Описание
wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manage_options and upload_files capabilities to execute arbitrary code by uploading a PHP script and adding this script's pathname to active_plugins.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life |
| devel | not-affected | 2.5.1-11ubuntu1 |
| gutsy | ignored | end of life, was needs-triage |
| hardy | not-affected | 2.3.3-1ubuntu1 |
| intrepid | not-affected | 2.5.1-8ubuntu1 |
| jaunty | not-affected | 2.5.1-11ubuntu1 |
| karmic | not-affected | 2.5.1-11ubuntu1 |
| upstream | released | 1.3.2 and 2.3.3 |
Показывать по
EPSS
8.5 High
CVSS2
Связанные уязвимости
wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manage_options and upload_files capabilities to execute arbitrary code by uploading a PHP script and adding this script's pathname to active_plugins.
wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 ...
wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manage_options and upload_files capabilities to execute arbitrary code by uploading a PHP script and adding this script's pathname to active_plugins.
EPSS
8.5 High
CVSS2