[wp-hackers] WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution

Ken Newman Ken at adcSTUDIO.com
Wed Nov 11 20:49:39 UTC 2009


Wow, 5 hrs ago, we are a bit behind the times... lol, thanks!

On 11/11/2009 3:34 PM, Matt Martz wrote:
>> Couldn't you just block anything with *.php.* from being uploaded thru
>> wordpress?
>>      
> Ryan has opened a ticket for this and has already attached a patch.
>
> http://core.trac.wordpress.org/ticket/11122
>
> Just thought you guys would be interested.
>
>    



More information about the wp-hackers mailing list