CVE-2011-3129

The file upload functionality in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2, when running "on hosts with dangerous security settings," has unknown impact and attack vectors, possibly related to dangerous filenames.

Published: Aug 10, 2011
Updated: Apr 13, 2023
CVE: CVE-2011-3129
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
WordPress / wordpress	3.1	3.1.x
WordPress / wordpress	3.2-beta1	3.2-beta1.x
WordPress / wordpress	3.1.2	3.1.2.x
WordPress / wordpress	3.1.1	3.1.1.x

http://secunia.com/advisories/49138
http://wordpress.org/news/2011/05/wordpress-3-1-3/
http://www.debian.org/security/2012/dsa-2470
http://www.securityfocus.com/bid/47995

Vulnerability Database

CVE-2011-3129