wordpress

• Author: Miklos Vajna
• Vulnerable: 2.8.5-1getorin1
• Unaffected: 2.8.6-1getorin1

A security issue and a vulnerability have been reported in WordPress, which can be exploited by malicious users to conduct script insertion attacks and compromise a vulnerable system.

1. The security issue is caused due to the wp_check_filetype() function in /wp-includes/functions.php improperly validating uploaded files. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script with multiple extensions. Successful exploitation of this vulnerability requires that Apache is not configured to handle the mime-type for media files with an e.g. “gif”, “jpg”, “png”, “tif”, “wmv” extension.
2. Input passed via certain parameters to press-this.php is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user’s browser session in context of an affected site when the malicious data is being viewed.

• Bug Tracker URL: http://bugs.frugalware.org/task/4043

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3890
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3891