CVE-2008-2392

Unrestricted file upload vulnerability in WordPress 2.5.1 and earlier might allow remote authenticated administrators to upload and execute arbitrary PHP files via the Upload section in the Write Tabs area of the dashboard.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 81%
VendorProductVersion
wordpresswordpress
𝑥
≤ 2.5.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
wordpress
bullseye (security)
5.7.11+dfsg1-0+deb11u1
fixed
bullseye
5.7.11+dfsg1-0+deb11u1
fixed
etch
not-affected
bookworm
6.1.6+dfsg1-0+deb12u1
fixed
bookworm (security)
6.1.6+dfsg1-0+deb12u1
fixed
sid
6.6.1+dfsg1-1
fixed
trixie
6.6.1+dfsg1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
wordpress
oneiric
not-affected
natty
not-affected
maverick
not-affected
lucid
not-affected
karmic
not-affected
jaunty
not-affected
intrepid
not-affected
hardy
ignored
gutsy
ignored
feisty
ignored
dapper
ignored
Common Weakness Enumeration
References
http://securityreason.com/securityalert/3897
http://www.securityfocus.com/archive/1/492230/100/0/threaded
http://www.securityfocus.com/bid/29276
https://exchange.xforce.ibmcloud.com/vulnerabilities/42561
http://securityreason.com/securityalert/3897
http://www.securityfocus.com/archive/1/492230/100/0/threaded
http://www.securityfocus.com/bid/29276
https://exchange.xforce.ibmcloud.com/vulnerabilities/42561