Date: Tue, 06 Mar 2012 12:39:15 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Henri Salo <henri@...v.fi>
Subject: Re: CVE-request: Kish Guest Posting Plugin for WordPress File Upload Remote PHP Code Execution

On 03/06/2012 12:31 AM, Henri Salo wrote:
> Can we assign CVE-identifier for this security vulnerability, thanks.
>
> http://osvdb.org/show/osvdb/78479
> http://www.securityfocus.com/bid/51638
> http://secunia.com/advisories/47688/
> http://www.exploit-db.com/exploits/18412/
>
> Plugin is disabled in WordPress (doesn't show up in http://wordpress.org/extend/plugins/), but SVN can be found from here: http://plugins.svn.wordpress.org/kish-guest-posting/trunk/
>
> File http://plugins.svn.wordpress.org/kish-guest-posting/trunk/readme.txt says:
>
> """
> = 1.2 =
> security update for Uploadify Script
> """
>
> But I haven't tested (yet) if that is valid fix for the vulnerability.
>
> - Henri Salo

Please use CVE-2012-1125 for this issue.

--
Kurt Seifried Red Hat Security Response Team (SRT)