Those who have not upgraded WordPress to 2.2.1, or WordPress MU to 1.2.3, should do so to help mitigate a newly disclosed vulnerability.
Exploitation remains possible even after upgrading. Alexander Concha, who wrote up the arbitrary file upload vulnerability, said that updating WordPress or WordPress MU only provides a partial fix.
"The best way to avoid attacks is to disable the access to wp-app.php or app.php," he said.
A function in wp-app.php allows for file uploads. "WordPress also gives the ability to add custom fields in normal posts or pages (these fields are stored in the wp_postmeta table too), but it does not check whether these special meta-data fields of attachments are added in normal posts," said Concha.
Secunia summarized the potential threat from this issue:
The vulnerability is caused due to improper authentication verification. This can be exploited to add the custom field "_wp_attached_file" to a post, upload a PHP script to an arbitrary path with wp-app.php or app.php, and execute arbitrary PHP code.
Successful exploitation requires valid Editor credentials and that the system is configured to allow uploads.
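The weakness described above is the missing check that attachment meta-data such as "_wp_attached_file" is only ever stored on posts of type attachment, combined with the stored value being used as a file path. The following PHP is an added example written for this article, not WordPress code and not Concha's or Secunia's material: it shows the kind of guard a plugin or patched handler could apply before writing that meta field. The function names, the uploads directory, the allowed-extension list and the sample inputs are all assumptions constructed for illustration.

```php
<?php
// Added example, not WordPress code. Guard that (1) refuses attachment
// meta on a non-attachment post and (2) confirms the stored relative path
// cannot point outside the uploads directory or at an executable file.
// Function names, ALLOWED_EXTENSIONS and the sample inputs are assumptions.

const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'pdf'];

/**
 * Return true only when $metaKey/$metaValue may be stored for a post of $postType.
 * $uploadsDir is the absolute uploads directory (assumed path for this example).
 */
function attachment_meta_is_allowed(string $postType, string $metaKey, string $metaValue, string $uploadsDir): bool
{
    if ($metaKey !== '_wp_attached_file') {
        return true; // ordinary custom fields are not this check's concern
    }
    if ($postType !== 'attachment') {
        return false; // the unchecked case the advisory describes: file meta on a normal post
    }
    return attached_file_path_is_safe($metaValue, $uploadsDir);
}

/**
 * _wp_attached_file holds a path relative to the uploads directory. Reject
 * empty values, NUL bytes, absolute paths, traversal that climbs above the
 * uploads directory, and extensions outside the allow-list. The check is
 * purely string-based, so it runs without touching the filesystem.
 */
function attached_file_path_is_safe(string $relative, string $uploadsDir): bool
{
    if ($relative === '' || strpos($relative, "\0") !== false) {
        return false;
    }
    if ($relative[0] === '/' || preg_match('~^[A-Za-z]:[\\\\/]~', $relative)) {
        return false; // absolute Unix or Windows paths are never valid here
    }
    $parts = [];
    foreach (preg_split('~[\\\\/]+~', $relative) as $segment) {
        if ($segment === '' || $segment === '.') {
            continue;
        }
        if ($segment === '..') {
            if (empty($parts)) {
                return false; // would escape the uploads directory
            }
            array_pop($parts);
            continue;
        }
        $parts[] = $segment;
    }
    if (empty($parts)) {
        return false; // normalised to nothing, e.g. "./" or "a/.."
    }
    $ext = strtolower(pathinfo(end($parts), PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXTENSIONS, true)) {
        return false; // .php and friends are rejected by the allow-list
    }
    // Defence in depth: the rebuilt path must still sit under $uploadsDir.
    $base = rtrim($uploadsDir, '/') . '/';
    return strpos($base . implode('/', $parts), $base) === 0;
}

// Constructed sample inputs covering the cases the advisory mentions.
$uploads = '/var/www/wp-content/uploads'; // assumed location
$cases = [
    ['attachment', '_wp_attached_file', '2007/06/photo.jpg',          true],
    ['post',       '_wp_attached_file', '2007/06/photo.jpg',          false], // meta on a normal post
    ['attachment', '_wp_attached_file', '../../wp-admin/shell.php',   false], // traversal plus .php
    ['attachment', '_wp_attached_file', '2007/06/shell.php',          false], // executable extension
    ['post',       'my_custom_field',   'anything',                   true],  // unrelated custom field
];
foreach ($cases as [$type, $key, $value, $expected]) {
    $ok = attachment_meta_is_allowed($type, $key, $value, $uploads);
    printf("%-10s %-18s %-28s -> %s%s\n",
        $type, $key, $value, $ok ? 'allow' : 'reject',
        $ok === $expected ? '' : '  (UNEXPECTED)');
}
```

Run it with the PHP CLI; each line of output ends in "allow" or "reject" and no line should be flagged UNEXPECTED. The post-type check alone closes the gap Concha describes; the path and extension checks are there so that even a legitimate attachment cannot be steered outside the uploads directory or given a server-executable name, which is why an allow-list of extensions is used rather than a deny-list of ".php".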