Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2008-5695

wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manage_options and upload_files capabilities to execute arbitrary code by uploading a PHP script and adding this script's pathname to active_plugins.

  • Published: Dec 19, 2008
  • Updated: Apr 13, 2023
  • CVE: CVE-2008-5695
  • Severity: High
  • Exploit:

CVSS v2:

  • Severity: High
  • Score: 8.5
  • AV:N/AC:M/Au:S/C:C/I:C/A:C

CWEs:

Software From Fixed in
WordPress / wordpress - 2.3.2.x
WordPress / wordpress_mu - 1.3.2