Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-3890 — Code Injection in Wordpress

CWE-94 — Code Injection5 documents5 sources

Severity

6.0MEDIUMNVD

EPSS

10.5%

top 6.72%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Wordpress Debian Wordpress

Timeline

PublishedNov 17

Latest updateMay 2

Description

Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 6.8 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/wordpress< wordpress 2.8.6-1 (bookworm)

▶Debianwordpress/wordpress< 2.8.6-1+3

▶NVDwordpress/wordpress2.8.5

Patches

Patch: wordpress.org ↗Patch: wordpress.org ↗

🔴Vulnerability Details

GHSA

GHSA-fg69-73j6-crqr: Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions↗2022-05-02

▶

OSV

CVE-2009-3890: Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions↗2009-11-17

▶

💥Exploits & PoCs

Exploit-DB

WordPress Core < 2.8.5 - Unrestricted Arbitrary File Upload / Arbitrary PHP Code Execution↗2009-11-11

▶

📋Vendor Advisories

Debian

CVE-2009-3890: wordpress - Unrestricted file upload vulnerability in the wp_check_filetype function in wp-i...↗2009

▶