| Summary: | <www-apps/wordpress-2.8.6: Multiple vulnerabilities (CVE-2009-{3890,3891}) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Alex Legler (RETIRED) <a3li> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | trivial | CC: | px, web-apps |
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://wordpress.org/development/2009/11/wordpress-2-8-6-security-release/ | ||
| Whiteboard: | ~3 [noglsa] | ||
| Package list: | Runtime testing required: | --- | |
|
Description
Alex Legler (RETIRED)
2009-11-15 09:58:04 UTC
CVE-2009-3890 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3890): Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename. CVE-2009-3891 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3891): Cross-site scripting (XSS) vulnerability in wp-admin/press-this.php in WordPress before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML via the s parameter (aka the selection variable). Hi All, The current wordpress .ebuild works with 2.8.6 build when incremented. 2.8.6 in CVS. Closing this one as no version was marked as stable. |