Wednesday, February 06, 2008 10:50 AM
cmosby
WordPress MU File Upload and Security Bypass - Advisories - Secunia
WordPress MU File Upload and Security Bypass
Secunia Advisory: SA28789
Release Date: 2008-02-06
Critical: Moderately critical
Impact: Security Bypass, System access
Where: From remote
Solution Status: Vendor Patch
Software: WordPress MU 1.x
Description:
Alexander Concha has reported a vulnerability in WordPress MU, which can be exploited by malicious users to bypass certain security restrictions and to compromise a vulnerable system.
The wp-admin/options.php script does not properly restrict changes to options. This can be exploited to e.g. upload and execute arbitrary PHP code.
Successful exploitation requires valid user credentials and having "manage_options" capabilities. Successful exploitation for file uploading also requires "upload_files" capabilities.
The vulnerability is reported in version 1.3.1. Prior versions may also be affected.
Solution:
Update to version 1.3.2 or later.
Provided and/or discovered by: Alexander Concha
Original Advisory:
WordPress MU: http://mu.wordpress.org/forums/topic.php?id=7534&page&replies=1
Alexander Concha: http://www.buayacorp.com/files/wordpress/wordpress-mu-options-overwrite.html
Source: WordPress MU File Upload and Security Bypass - Advisories - Secunia