Date: Tue, 6 Mar 2012 09:31:22 +0200 From: Henri Salo <henri@...v.fi> To: oss-security@...ts.openwall.com Subject: CVE-request: Kish Guest Posting Plugin for WordPress File Upload Remote PHP Code Execution Can we assign CVE-identifier for this security vulnerability, thanks. http://osvdb.org/show/osvdb/78479 http://www.securityfocus.com/bid/51638 http://secunia.com/advisories/47688/ http://www.exploit-db.com/exploits/18412/ Plugin is disabled in WordPress (doesn't show up in http://wordpress.org/extend/plugins/), but SVN can be found from here: http://plugins.svn.wordpress.org/kish-guest-posting/trunk/ File http://plugins.svn.wordpress.org/kish-guest-posting/trunk/readme.txt says: """ = 1.2 = security update for Uploadify Script """ But I haven't tested (yet) if that is valid fix for the vulnerability. - Henri Salo
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.