[wp-hackers] WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution

Lynne Pope lynne.pope at gmail.com
Wed Nov 11 20:53:34 UTC 2009

2009/11/12 Matt Martz <matt at sivel.net>

> > Couldn't you just block anything with *.php.* from being uploaded thru
> > wordpress?
> Ryan has opened a ticket for this and has already attached a patch.
> http://core.trac.wordpress.org/ticket/11122

Cool :-)

I just learned that Multiviews are enabled by default and that this is the
config for WHM/cPanel servers. Which means a whole heap of WordPress users
will have this without knowing that this kind of content negotiation can
result in security vulnerabilities.

Re - the patch, I have a question I want to make here (because it could be
completely off the wall)...
Wouldn't getimagesize($imgfile); do a check to ensure the file has width and
height, which an image has but a script file does not? Or can that be

I am not yet in the PHP expert league, as some of you are, so thought I'd
ask here rather than clutter up the trac ;)



More information about the wp-hackers mailing list