[wp-hackers] WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution

Matt Martz matt at sivel.net
Wed Nov 11 20:34:11 UTC 2009


> Couldn't you just block anything with *.php.* from being uploaded thru
> wordpress?

Ryan has opened a ticket for this and has already attached a patch.

http://core.trac.wordpress.org/ticket/11122

Just thought you guys would be interested.

-- 
Matt Martz
matt at sivel.net
http://sivel.net/


More information about the wp-hackers mailing list