WordPress This Way Theme Arbitrary File Upload Vulnerability

ID: IRCAD2013112979
Release Date: 2013-11-12
Criticality level: Highly critical
Software:
WordPress This Way Theme
Description:
A vulnerability has been reported in the This Way theme for WordPress, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused by the wp-content/themes/ThisWay/includes/uploadify/upload_settings_image.php script, which allows files with arbitrary extensions to be uploaded to a folder inside the webroot. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script.
 
Solution:
No official solution is currently available.
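
With no fix available, web server access logs are one place to check whether the upload script has been used. The Python code below is an added example, not part of the advisory or the theme: it flags accepted POST requests to the script path named above and, as an assumed heuristic, later requests from the same client for PHP-type files under /wp-content/. The combined log format, the extension list and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Script path from the advisory, lower-cased for case-insensitive matching.
UPLOAD_SCRIPT = ("/wp-content/themes/thisway/includes/uploadify/"
                 "upload_settings_image.php")
# Assumption: extensions commonly mapped to the PHP handler.
PHP_EXT = re.compile(r"\.(php\d?|phtml|phar)$")
# Combined Log Format: ip ident user [time] "METHOD target PROTO" status ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def normalise(target):
    """Drop the query string, percent-decode, collapse repeated slashes."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/{2,}", "/", path).lower()

def scan(lines):
    """Return (uploads, followups) found in an iterable of log lines."""
    uploads, followups, uploaders = [], [], set()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a combined-format request line
        ip, when, method, target, status = m.groups()
        path = normalise(target)
        if path == UPLOAD_SCRIPT:
            # Only requests the server accepted (2xx) count as uploads.
            if method == "POST" and status.startswith("2"):
                uploads.append((when, ip))
                uploaders.add(ip)
        elif (ip in uploaders and path.startswith("/wp-content/")
              and PHP_EXT.search(path)):
            followups.append((when, ip, path, status))
    return uploads, followups

# Constructed sample lines: documentation IP ranges, placeholder file names.
T = "/wp-content/themes/ThisWay/includes/uploadify/upload_settings_image.php"
SAMPLE = [
    '198.51.100.7 - - [12/Nov/2013:10:01:02 +0000] "GET / HTTP/1.1" 200 5120',
    f'203.0.113.9 - - [12/Nov/2013:10:02:10 +0000] "POST {T} HTTP/1.1" 200 31',
    '203.0.113.9 - - [12/Nov/2013:10:02:15 +0000] '
    '"GET /wp-content/EXAMPLE-DIR/sample.php HTTP/1.1" 200 12',
    f'198.51.100.7 - - [12/Nov/2013:10:03:00 +0000] "POST {T} HTTP/1.1" 403 199',
    f'192.0.2.44 - - [12/Nov/2013:10:04:00 +0000] "POST /{T}?x=1 HTTP/1.1" 200 31',
]

if __name__ == "__main__":
    found, later = scan(SAMPLE)
    print(found, later, sep="\n")
```

Any upload hit on a site running this theme is a reason to inspect the folders the script writes to for files that are not images.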
References:
Secunia:
http://secunia.com/advisories/55587/

Date created: 25 Aban 1392
