ID de Prueba:	1.3.6.1.4.1.25623.1.0.900183
Categoría:	Web application abuses
Título:	WordPress 'wp-admin/options.php' RCE Vulnerability
Resumen:	WordPress is prone to a remote code execution (RCE) vulnerability.
Descripción:	Summary: WordPress is prone to a remote code execution (RCE) vulnerability. Vulnerability Insight: The flaw is due to error under 'wp-admin/options.php' file. These can be exploited by using valid user credentials with 'manage_options' and upload_files capabilities. Vulnerability Impact: Successful exploitation allows remote attackers to execute arbitrary code by uploading a PHP script and adding this script pathname to active_plugins. Affected Software/OS: WordPress, WordPress prior to 2.3.3 WordPress, WordPress MU prior to 1.3.2. Solution: Upgrade to version 1.3.2 and 2.3.3 or later. CVSS Score: 8.5 CVSS Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-5695 BugTraq ID: 27633 http://www.securityfocus.com/bid/27633 https://www.exploit-db.com/exploits/5066 http://www.buayacorp.com/files/wordpress/wordpress-mu-options-overwrite.html http://www.buayacorp.com/files/wordpress/wp-blog-option-overwrite.txt http://secunia.com/advisories/28789 http://securityreason.com/securityalert/4798
Copyright	Copyright (C) 2008 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.