Vendor: WordPress
By: Alexander Concha
CVSS: 7.5 (HIGH)
CWE: 434 (Arbitrary File Upload)
Product Name: WordPress
Affected Version From: 2.2
Affected Version To: 1.2.2002
Patch Exists: YES
Related CWE:
CPE:
Platforms Tested:
WordPress Arbitrary File Upload
This script allows an attacker to upload arbitrary files to a vulnerable WordPress installation. It takes the target host, a valid username and password, the path to the remote file, and the file to upload as arguments. The script also creates a new post every time it is run, unless a post ID is specified.
Mitigation:
Update to a patched version of WordPress.