Vulnerability Report

CVE-2008-5695

RCE

Title: Wordpress Wordpress RCE

RCE

Proof Of Concept

PoC Available for CVE-2008-5695

CWE Category CWE-20
Published Date Dec 19, 2008
Modified Date Apr 09, 2025
Exploit Status Available
Score 8.5 CVSS v2.0
Exploit Probability (EPSS)
16.37%

Vulnerability Summary

CVE-2008-5695: wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manage_options and upload_files capabilities to execute arbitrary code by uploading a PHP script and adding this script's pathname to active_plugins.

Impacted Vendors

W
wordpress 2

Reference Links

http://mu.wordpress.org/forums/topic.php?id=7534&page&replies=1 http://secunia.com/advisories/28789 http://securityreason.com/securityalert/4798 http://www.buayacorp.com/files/wordpress/wordpress-mu-options-overwrite.html http://www.buayacorp.com/files/wordpress/wp-blog-option-overwrite.txt http://www.securityfocus.com/bid/27633 https://www.exploit-db.com/exploits/5066 http://mu.wordpress.org/forums/topic.php?id=7534&page&replies=1 http://secunia.com/advisories/28789 http://securityreason.com/securityalert/4798 http://www.buayacorp.com/files/wordpress/wordpress-mu-options-overwrite.html http://www.buayacorp.com/files/wordpress/wp-blog-option-overwrite.txt http://www.securityfocus.com/bid/27633 https://www.exploit-db.com/exploits/5066
CVSS v2.0
Source Entity [email protected]
Severity HIGH
8.5
Access Vector
N/A
Authentication
N/A
RAW VECTOR AV:N/AC:M/Au:S/C:C/I:C/A:C

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2008-5695 Exploits & PoCs (Proof Of Concept)

Exploit-DB https://www.exploit-db.com/exploits/5066
View Code
MODIFIED

Vulnerability data or affected products updated.

PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A
Complexity N/A
Privileges N/A
Interaction NONE
CVSS Vector String AV:N/AC:M/Au:S/C:C/I:C/A:C

Affected Stack

No specific products linked.