Description
Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Dawid Golunski · textwebappsphp
https://www.exploit-db.com/exploits/10089
References (10)
Core 10
Core References
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/37332
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2009/11/16/1
Broken Link mailing-list
x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2009-11/0142.html
Patch, Vendor Advisory x_refsource_confirm
http://wordpress.org/development/2009/11/wordpress-2-8-6-security-release/
Broken Link mailing-list
x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2009-11/0153.html
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2009/11/15/3
Issue Tracking, Vendor Advisory x_refsource_confirm
http://core.trac.wordpress.org/ticket/11122
Broken Link vdb-entry
x_refsource_osvdb
http://www.osvdb.org/59958
Broken Link mailing-list
x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2009-11/0149.html
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2009/11/15/2
Scores
EPSS
0.1049
EPSS Percentile
93.3%
Details
CWE
CWE-94
Status
published
Products (1)
wordpress/wordpress
< 2.8.5
Published
Nov 17, 2009
Tracked Since
Feb 18, 2026