CVE-2009-3890
published 2009-11-17CVE-2009-3890: Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration…
PriorityP344medium6CVSS 2.0
AVNACMAuSCPIPAP
EXPLOIT
EPSS
8.43%
94.3th percentile
Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | wordpress | < wordpress 2.8.6-1 (bookworm) | wordpress 2.8.6-1 (bookworm) |
| wordpress | wordpress | <= 2.8.5 | — |
| wordpress | wordpress | >= 0 < 2.8.6-1 | 2.8.6-1 |
| wordpress | wordpress | >= 0 < 2.8.6-1 | 2.8.6-1 |
| wordpress | wordpress | >= 0 < 2.8.6-1 | 2.8.6-1 |
| wordpress | wordpress | >= 0 < 2.8.6-1 | 2.8.6-1 |
CVSS provenance
nvdv2.06.0MEDIUMAV:N/AC:M/Au:S/C:P/I:P/A:P
osv6.0MEDIUM
vendor_debian6.0LOW
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-fg69-73j6-crqr: Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions
ghsa_unreviewed·2022-05-02
CVE-2009-3890 [MEDIUM] CWE-94 GHSA-fg69-73j6-crqr: Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions
Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
OSV
CVE-2009-3890: Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions
osv·2009-11-17·CVSS 6.0
CVE-2009-3890 [MEDIUM] CVE-2009-3890: Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions
Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
Debian
CVE-2009-3890: wordpress - Unrestricted file upload vulnerability in the wp_check_filetype function in wp-i...
vendor_debian·2009·CVSS 6.0
CVE-2009-3890 [MEDIUM] CVE-2009-3890: wordpress - Unrestricted file upload vulnerability in the wp_check_filetype function in wp-i...
Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
Scope: local
bookworm: resolved (fixed in 2.8.6-1)
bullseye: resolved (fixed in 2.8.6-1)
forky: resolved (fixed in 2.8.6-1)
sid: resolved (fixed in 2.8.6-1)
trixie: resolved (fixed in 2.8.6-1)
No detection rules found.
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/fulldisclosure/2009-11/0142.htmlhttp://archives.neohapsis.com/archives/fulldisclosure/2009-11/0149.htmlhttp://archives.neohapsis.com/archives/fulldisclosure/2009-11/0153.htmlhttp://core.trac.wordpress.org/ticket/11122http://secunia.com/advisories/37332http://wordpress.org/development/2009/11/wordpress-2-8-6-security-release/http://www.openwall.com/lists/oss-security/2009/11/15/2http://www.openwall.com/lists/oss-security/2009/11/15/3http://www.openwall.com/lists/oss-security/2009/11/16/1http://www.osvdb.org/59958http://archives.neohapsis.com/archives/fulldisclosure/2009-11/0142.htmlhttp://archives.neohapsis.com/archives/fulldisclosure/2009-11/0149.htmlhttp://archives.neohapsis.com/archives/fulldisclosure/2009-11/0153.htmlhttp://core.trac.wordpress.org/ticket/11122http://secunia.com/advisories/37332http://wordpress.org/development/2009/11/wordpress-2-8-6-security-release/http://www.openwall.com/lists/oss-security/2009/11/15/2http://www.openwall.com/lists/oss-security/2009/11/15/3http://www.openwall.com/lists/oss-security/2009/11/16/1http://www.osvdb.org/59958
2009-11-17
Published