CVE-2011-3129

critical

Description

The file upload functionality in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2, when running "on hosts with dangerous security settings," has unknown impact and attack vectors, possibly related to dangerous filenames.

References

http://www.securityfocus.com/bid/47995

http://www.debian.org/security/2012/dsa-2470

http://wordpress.org/news/2011/05/wordpress-3-1-3/

http://secunia.com/advisories/49138

Details

Source: Mitre, NVD

Published: 2011-08-10

Updated: 2016-05-31

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical