WordPress Asset Manager Plugin Arbitrary File Upload Vulnerability

ID: IRCAD2012061949
Release Date: 2012-06-06
Criticality level: Highly critical
Software:
WordPress Asset Manager Plugin 0.x
Description:
A vulnerability has been discovered in the Asset Manager plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused by the wp-content/plugins/asset-manager/upload.php script allowing files with arbitrary extensions to be uploaded to a folder inside the webroot. This can be exploited, for example, to execute arbitrary PHP code by uploading a malicious PHP script.
The vulnerability is confirmed in version 0.2. Other versions may also be affected.
Solution:
Restrict access to the wp-content/plugins/asset-manager/upload.php file (e.g. via .htaccess).
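One way to confirm from the web server's access log that the restriction is answering requests for this script, as an added example that is not part of the original advisory. It assumes Apache common/combined log format; the sample lines, addresses and function names are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Script path named in the advisory.
TARGET = "/wp-content/plugins/asset-manager/upload.php"

# Leading fields of an Apache common/combined log line (assumed log format).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+)[^"]*" (?P<status>\d{3}) '
)

def normalize(uri):
    """Drop the query string, percent-decode, collapse '//' and '..', lowercase."""
    path = unquote(uri.split("?", 1)[0])
    return posixpath.normpath(path).lower()

def audit(lines):
    """Return every request for the plugin's upload.php with its outcome."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        path = normalize(m["uri"])
        # endswith() covers WordPress in a subdirectory; the "/" form covers PATH_INFO.
        if not (path.endswith(TARGET) or TARGET + "/" in path):
            continue
        status = int(m["status"])
        findings.append({
            "ip": m["ip"], "time": m["time"], "method": m["method"],
            "status": status,
            # 401/403: the access restriction answered. Anything else was not blocked.
            "blocked": status in (401, 403),
        })
    return findings

SAMPLE_LOG = [  # constructed sample lines, not real traffic
    '192.0.2.10 - - [06/Jun/2012:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "ExampleAgent"',
    '198.51.100.7 - - [06/Jun/2012:10:02:11 +0000] "POST /wp-content/plugins/asset-manager/upload.php HTTP/1.1" 200 31 "-" "ExampleAgent"',
    '198.51.100.7 - - [06/Jun/2012:10:05:40 +0000] "POST /blog//wp-content/plugins/Asset-Manager/upload.php?x=1 HTTP/1.1" 403 210 "-" "ExampleAgent"',
    '192.0.2.44 - - [06/Jun/2012:10:06:00 +0000] "GET /wp-content/plugins/asset-manager/readme.txt HTTP/1.1" 200 900 "-" "ExampleAgent"',
]

if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        verdict = "blocked" if f["blocked"] else "NOT BLOCKED - review"
        print(f'{f["time"]} {f["ip"]} {f["method"]} {f["status"]} {verdict}')
```

Any entry reported as not blocked from before the restriction was applied is a reason to inspect the plugin's upload folder for unexpected files.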
References:
Secunia:
 
 

Creation date: 18 Khordad 1391
