Candidate: CVE-2009-3890
PublicDate: 2009-11-17 18:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3890
Description:
 Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_wordpress:
 upstream: http://core.trac.wordpress.org/changeset/12166
upstream_wordpress: released (2.8.6)
dapper_wordpress: ignored (reached end-of-life)
hardy_wordpress: ignored (reached end-of-life)
intrepid_wordpress: needed (reached end-of-life)
jaunty_wordpress: ignored (reached end-of-life)
karmic_wordpress: ignored (reached end-of-life)
lucid_wordpress: not-affected (2.8.6-1ubuntu1)
maverick_wordpress: not-affected (2.8.6-1ubuntu1)
natty_wordpress: not-affected (2.8.6-1ubuntu1)
oneiric_wordpress: not-affected (2.8.6-1ubuntu1)
devel_wordpress: not-affected (2.8.6-1ubuntu1)