ID de Prueba:	1.3.6.1.4.1.25623.1.0.900975
Categoría:	Web application abuses
Título:	WordPress Multiple Vulnerabilities (Nov 2009)
Resumen:	WordPress is prone to multiple vulnerabilities.
Descripción:	Summary: WordPress is prone to multiple vulnerabilities. Vulnerability Insight: - The 'wp_check_filetype()' function in /wp-includes/functions.php does not properly validate files before uploading them. - Input passed into the 's' parameter in press-this.php is not sanitised before being displayed to the user. Vulnerability Impact: Attackers can exploit this issue to execute arbitrary PHP code by uploading malicious PHP files and to inject arbitrary web script or HTML code which will be executed in a user's browser session. Affected Software/OS: WordPress version prior to 2.8.6. Solution: Update to Version 2.8.6 or later. CVSS Score: 6.0 CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-3890 http://archives.neohapsis.com/archives/fulldisclosure/2009-11/0142.html http://archives.neohapsis.com/archives/fulldisclosure/2009-11/0149.html http://archives.neohapsis.com/archives/fulldisclosure/2009-11/0153.html http://www.openwall.com/lists/oss-security/2009/11/15/2 http://www.openwall.com/lists/oss-security/2009/11/15/3 http://www.openwall.com/lists/oss-security/2009/11/16/1 http://www.osvdb.org/59958 http://secunia.com/advisories/37332 Common Vulnerability Exposure (CVE) ID: CVE-2009-3891 http://www.osvdb.org/59959
Copyright	Copyright (C) 2009 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.