CVE-2008-5695

CVE Database · CVE-2008-5695

CVE-2008-5695

· N/AModified

CVSS v3.1

N/A

EPSS

12.01%

Published

Dec 19, 2008

Modified

Apr 22, 2026

Public PoC / Exploit (2)

All weaponized →

Exploit-DBWordPress MU < 1.3.2 - 'active_plugins' Code Execution TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manage_options and upload_files capabilities to execute arbitrary code by uploading a PHP script and adding this script's pathname to active_plugins.

Weaknesses (CWE)

CWE-20

Affected Products (2)

wordpress · wordpressvulnerable

wordpress · wordpress_mu (up to 1.3.2)vulnerable

References (14)

http://mu.wordpress.org/forums/topic.php?id=7534&page&replies=1

Release NotesVendor Advisory

http://secunia.com/advisories/28789

Third Party Advisory

http://securityreason.com/securityalert/4798

Third Party Advisory