| Vulnerability Name: | CVE-2008-2392 (CCN-42561) | ||||||||
| Assigned: | 2008-05-19 | ||||||||
| Published: | 2008-05-19 | ||||||||
| Updated: | 2018-10-31 | ||||||||
| Summary: | Unrestricted file upload vulnerability in WordPress 2.5.1 and earlier might allow remote authenticated administrators to upload and execute arbitrary PHP files via the Upload section in the Write Tabs area of the dashboard. | ||||||||
| CVSS v3 Severity: | 3.5 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 9.0 High (CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C) 7.3 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C/E:U/RL:U/RC:UR)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N/E:U/RL:U/RC:UR)
| ||||||||
| Vulnerability Type: | CWE-20 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Mon May 19 2008 - 00:13:43 CDT Wordpress Malicious File Execution Vulnerability Source: MITRE Type: CNA CVE-2008-2392 Source: SREASON Type: Third Party Advisory 3897 Source: CCN Type: WordPress Web site WordPress Source: CCN Type: OSVDB ID: 45485 WordPress Dashboard Write Tabs Upload Section Unrestricted File Upload Source: BUGTRAQ Type: Third Party Advisory, VDB Entry 20080519 Wordpress Malicious File Execution Vulnerability Source: BID Type: Third Party Advisory, VDB Entry 29276 Source: CCN Type: BID-29276 RETIRED: WordPress 'Blog' Module 'Write Tab' Arbitrary File Upload Vulnerability Source: XF Type: Third Party Advisory, VDB Entry wordpress-writetabs-file-upload(42561) Source: XF Type: UNKNOWN wordpress-writetabs-file-upload(42561) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||