Date: Tue, 06 Mar 2012 12:39:15 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Henri Salo <henri@...v.fi>
Subject: Re: CVE-request: Kish Guest Posting Plugin for WordPress
 File Upload Remote PHP Code Execution

On 03/06/2012 12:31 AM, Henri Salo wrote:
> Can we assign a CVE identifier for this security vulnerability, thanks.
> 
> http://osvdb.org/show/osvdb/78479
> http://www.securityfocus.com/bid/51638
> http://secunia.com/advisories/47688/
> http://www.exploit-db.com/exploits/18412/
> 
> The plugin is disabled in WordPress (doesn't show up in http://wordpress.org/extend/plugins/), but the SVN can be found here: http://plugins.svn.wordpress.org/kish-guest-posting/trunk/
> 
> File http://plugins.svn.wordpress.org/kish-guest-posting/trunk/readme.txt says:
> 
> """
> = 1.2 =
> security update for Uploadify Script
> """
> 
> But I haven't tested (yet) if that is a valid fix for the vulnerability.
> 
> - Henri Salo

Please use CVE-2012-1125 for this issue.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
