CVE-2008-5695

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2008-5695

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2008-5695.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2008-5695

Downstream

DEBIAN-CVE-2008-5695

Withdrawn

2026-01-27T04:09:25.872496Z

Published

2008-12-19T18:30:00Z

Modified

2026-01-27T04:09:25.872496Z

Summary

[none]

Details

wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manageoptions and uploadfiles capabilities to execute arbitrary code by uploading a PHP script and adding this script's pathname to active_plugins.

References

http://mu.wordpress.org/forums/topic.php?id=7534&page&replies=1
http://secunia.com/advisories/28789
http://securityreason.com/securityalert/4798
http://www.buayacorp.com/files/wordpress/wordpress-mu-options-overwrite.html
http://www.buayacorp.com/files/wordpress/wp-blog-option-overwrite.txt
http://www.securityfocus.com/bid/27633
https://www.exploit-db.com/exploits/5066

CVE-2008-5695

Affected packages