FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

wordpress -- multiple vulnerabilities

Affected packages
wordpress < 2.8.6,1
de-wordpress < 2.8.6

Details

VuXML ID 0640198a-d117-11de-b667-0030843d3802
Discovery 2009-11-12
Entry 2009-11-14
Modified 2010-05-02

Secunia reports:

The security issue is caused due to the wp_check_filetype() function in /wp-includes/functions.php improperly validating uploaded files. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script with multiple extensions.

Successful exploitation of this vulnerability requires that Apache is not configured to handle the mime-type for media files with an e.g. "gif", "jpg", "png", "tif", "wmv" extension.

Input passed via certain parameters to press-this.php is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.
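For the file upload issue above, a defender can audit an uploads directory for names where a PHP extension is followed by further extensions. The following is an added example, not part of the advisory or of WordPress; the PHP extension list, the set of extensions the server has a MIME type for, and the sample file names are assumptions to replace with values from the host's own configuration.

```python
import os

# Assumption: extensions the web server hands to the PHP interpreter.
PHP_EXTS = {"php", "php3", "php4", "php5", "phtml"}
# Assumption: extensions the server's MIME map knows (constructed sample;
# derive the real set from the host's mime.types / AddType lines).
KNOWN_MIME_EXTS = {"gif", "jpg", "jpeg", "png"}


def classify(filename, known=KNOWN_MIME_EXTS, php=PHP_EXTS):
    """Classify an uploaded file name by its dot-separated extensions.

    Returns one of:
      "ok"           no PHP extension anywhere in the name
      "php-final"    the last extension is a PHP one
      "php-unmasked" a PHP extension is followed only by extensions the
                     server has no MIME type for (the advisory's condition)
      "php-masked"   a PHP extension is followed by a known media
                     extension; still worth reviewing and removing
    """
    exts = [e.lower() for e in os.path.basename(filename).split(".")[1:]]
    positions = [i for i, e in enumerate(exts) if e in php]
    if not positions:
        return "ok"
    last_php = positions[-1]
    if last_php == len(exts) - 1:
        return "php-final"
    trailing = exts[last_php + 1:]
    if any(e in known for e in trailing):
        return "php-masked"
    return "php-unmasked"


def scan(root, known=KNOWN_MIME_EXTS):
    """Walk an uploads directory and return (path, verdict) for every
    file whose verdict is not "ok", sorted by path."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            verdict = classify(name, known)
            if verdict != "ok":
                hits.append((os.path.join(dirpath, name), verdict))
    return sorted(hits)
```

Run `scan()` against the site's uploads directory and treat every "php-unmasked" or "php-final" hit as a file to quarantine and investigate.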

References

CVE Name CVE-2009-3890
CVE Name CVE-2009-3891
URL http://secunia.com/advisories/37332/
URL http://wordpress.org/development/2009/11/wordpress-2-8-6-security-release/