WordPress is a free forum and blog system.
Vulnerable file: 'wp-admin/includes/file.php'
Bugtraq ID: 37005
Class: Input Validation Error
CVE:
Remote: Yes
Local: No
Published: Nov 11 2009 12:00AM
Updated: Nov 12 2009 03:56PM
Credit: Dawid Golunski
Vulnerable: WordPress WordPress 2.8.5
WordPress WordPress 2.8.4
WordPress WordPress 2.8.3
WordPress WordPress 2.8.2
WordPress WordPress 2.8.1
WordPress WordPress 2.8
Description:
--------------------------------------------------------------------------------
The WordPress code responsible for handling file uploads is as follows:
wp-admin/includes/file.php:
---[cut]---
line 217:
function wp_handle_upload( &$file, $overrides = false, $time = null ) {
---[cut]---
// All tests are on by default. Most can be turned off by $override[{test_name}] = false;
$test_form = true;
$test_size = true;
// If you override this, you must provide $ext and $type!!!!
$test_type = true;
$mimes = false;
---[cut]---