Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.900183
Kategorie:Web application abuses
Titel:WordPress 'wp-admin/options.php' Remote Code Execution Vulnerability
Zusammenfassung:The host is running WordPress and is prone to Remote Code; Execution vulnerability.
Beschreibung:Summary:
The host is running WordPress and is prone to Remote Code
Execution vulnerability.

Vulnerability Insight:
The flaw is due to error under 'wp-admin/options.php' file. These
can be exploited by using valid user credentials with 'manage_options' and upload_files capabilities.

Vulnerability Impact:
Successful exploitation allows remote attackers to execute arbitrary code by
uploading a PHP script and adding this script pathname to active_plugins.

Affected Software/OS:
WordPress, WordPress prior to 2.3.3
WordPress, WordPress MU prior to 1.3.2.

Solution:
Upgrade to version 1.3.2 and 2.3.3 or later.

CVSS Score:
8.5

CVSS Vector:
AV:N/AC:M/Au:S/C:C/I:C/A:C

Querverweis: BugTraq ID: 27633
Common Vulnerability Exposure (CVE) ID: CVE-2008-5695
http://www.securityfocus.com/bid/27633
https://www.exploit-db.com/exploits/5066
http://www.buayacorp.com/files/wordpress/wordpress-mu-options-overwrite.html
http://www.buayacorp.com/files/wordpress/wp-blog-option-overwrite.txt
http://secunia.com/advisories/28789
http://securityreason.com/securityalert/4798
CopyrightCopyright (C) 2008 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.