CVE-2008-5695
Published: 19 December 2008
wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manage_options and upload_files capabilities to execute arbitrary code by uploading a PHP script and adding this script's pathname to active_plugins.
Priority
Status
Package | Release | Status |
---|---|---|
wordpress Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
gutsy |
Ignored
(end of life, was needs-triage)
|
|
hardy |
Not vulnerable
(2.3.3-1ubuntu1)
|
|
intrepid |
Not vulnerable
(2.5.1-8ubuntu1)
|
|
jaunty |
Not vulnerable
(2.5.1-11ubuntu1)
|
|
karmic |
Not vulnerable
(2.5.1-11ubuntu1)
|
|
upstream |
Released
(1.3.2 and 2.3.3)
|