CVE-2009-3890

Published: Nov 17, 2009Modified: Apr 23, 2026

6.0

Vector

AV:N/AC:M/Au:S/C:P/I:P/A:P

Exploitability: 6.8 / Impact: 6.4

Source: NVD

Description

Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.

Affected (1)

Products: Wordpress: Wordpress

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Wordpress Wordpress	Up to 2.8.5

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (20)

http://archives.neohapsis.com/archives/fulldisclosure/2009-11/0142.html

Source: secalert@redhat.com

Broken Link

http://archives.neohapsis.com/archives/fulldisclosure/2009-11/0149.html

Source: secalert@redhat.com

Broken Link

http://archives.neohapsis.com/archives/fulldisclosure/2009-11/0153.html

Source: secalert@redhat.com

Broken Link

http://core.trac.wordpress.org/ticket/11122

Source: secalert@redhat.com

Issue TrackingVendor Advisory

http://secunia.com/advisories/37332

Source: secalert@redhat.com

Third Party Advisory

http://wordpress.org/development/2009/11/wordpress-2-8-6-security-release/

Source: secalert@redhat.com

PatchVendor Advisory

http://www.openwall.com/lists/oss-security/2009/11/15/2

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2009/11/15/3

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2009/11/16/1

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://www.osvdb.org/59958

Source: secalert@redhat.com

Broken Link

http://archives.neohapsis.com/archives/fulldisclosure/2009-11/0142.html

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://archives.neohapsis.com/archives/fulldisclosure/2009-11/0149.html

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://archives.neohapsis.com/archives/fulldisclosure/2009-11/0153.html

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://core.trac.wordpress.org/ticket/11122

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

http://secunia.com/advisories/37332

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://wordpress.org/development/2009/11/wordpress-2-8-6-security-release/

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.openwall.com/lists/oss-security/2009/11/15/2

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2009/11/15/3

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2009/11/16/1

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.osvdb.org/59958

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

Timeline

No history available yet.