WordPress Advanced Custom Fields Plugin "acf_abspath" Remote File Inclusion Vulnerability

ID: IRCAD2012112302
Release Date: 2012-11-14
Criticality level: Highly critical
Software:
WordPress Advanced Custom Fields Plugin 3.x
Description:
A vulnerability has been discovered in the Advanced Custom Fields plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.
Input passed to the "acf_abspath" POST parameter in wp-content/plugins/advanced-custom-fields/core/actions/export.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from remote resources.
The vulnerability is confirmed in version 3.5.1. Other versions may also be affected.
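The flaw class described above, request input reaching an include or require path, can be triaged in PHP source with a line-based check. The following Python check is an added example, not part of the original advisory or the plugin's code; the embedded PHP samples are constructed and the function and sample names are hypothetical.

```python
import re

# Request superglobals: values the client fully controls.
SOURCE = re.compile(r"\$_(?:POST|GET|REQUEST|COOKIE)\b")
# Plain `$name = expr;` assignments (not ==, =>, or array elements).
ASSIGN = re.compile(r"(\$[A-Za-z_]\w*)\s*=(?![=>])\s*([^;]*);")
# include/require(_once) statements; group 1 is the path expression.
INCLUDE = re.compile(r"(?<![$\w])(?:include|require)(?:_once)?\b\s*\(?([^;]*);")
VAR = re.compile(r"\$[A-Za-z_]\w*")

# Constructed PHP samples mirroring the advisory's description (not plugin source).
SAMPLE_VULNERABLE = """<?php
$acf_abspath = $_POST['acf_abspath'];
require_once($acf_abspath . '/wp-load.php');
"""
SAMPLE_FIXED = """<?php
$root = dirname(__FILE__) . '/../../../../..';
require_once($root . '/wp-load.php');
"""


def is_tainted(expr, tainted):
    """True if expr reads a request superglobal or a variable derived from one."""
    return bool(SOURCE.search(expr)) or any(v in tainted for v in VAR.findall(expr))


def find_request_includes(php_source):
    """Return [(line_no, statement)] for include/require statements whose path
    is built from request input. Line-based heuristic for triage, not a parser."""
    tainted, findings = set(), []
    for line_no, line in enumerate(php_source.splitlines(), start=1):
        stmt = line.strip()
        if stmt.startswith(("//", "#", "*", "/*")):
            continue  # skip comment lines
        for name, expr in ASSIGN.findall(stmt):
            if is_tainted(expr, tainted):
                tainted.add(name)
            else:
                tainted.discard(name)  # reassigned from a clean expression
        inc = INCLUDE.search(stmt)
        if inc and is_tainted(inc.group(1), tainted):
            findings.append((line_no, stmt))
    return findings


if __name__ == "__main__":
    for label, src in (("vulnerable", SAMPLE_VULNERABLE), ("fixed", SAMPLE_FIXED)):
        print(label, find_request_includes(src))
```

A hit means the statement needs manual review; taint passed through array elements, function calls or multi-line statements is not tracked.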
Solution:
No official solution is currently available.
References:
Secunia:
 
 

Date created: 25 Aban 1391
