Vulnerability Description
Unrestricted file upload vulnerability in WordPress 2.5.1 and earlier might allow remote authenticated administrators to upload and execute arbitrary PHP files via the Upload section in the Write Tabs area of the dashboard.
CVSS Score
9.0
HIGH
AV:N/AC:L/Au:S/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wordpress | Wordpress | <= 2.5.1 |
Related Weaknesses (CWE)
References
- http://securityreason.com/securityalert/3897Third Party Advisory
- http://www.securityfocus.com/archive/1/492230/100/0/threadedThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/29276Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42561Third Party AdvisoryVDB Entry
- http://securityreason.com/securityalert/3897Third Party Advisory
- http://www.securityfocus.com/archive/1/492230/100/0/threadedThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/29276Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42561Third Party AdvisoryVDB Entry
FAQ
What is CVE-2008-2392?
CVE-2008-2392 is a vulnerability with a CVSS score of 9.0 (HIGH). Unrestricted file upload vulnerability in WordPress 2.5.1 and earlier might allow remote authenticated administrators to upload and execute arbitrary PHP files via the Upload section in the Write Tabs...
How severe is CVE-2008-2392?
CVE-2008-2392 has been rated HIGH with a CVSS base score of 9.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-2392?
Check the references section above for vendor advisories and patch information. Affected products include: Wordpress Wordpress.