WordPress WP Marketplace Plugin File Enumeration Weakness and File Upload Vulnerability

ID: IRCAD2012041839
Release Date: 2012-04-10
Criticality level: Highly critical
 
Software:
WordPress WP Marketplace Plugin 1.x
 
Description:
A weakness and a vulnerability have been discovered in the WP Marketplace plugin for WordPress, which can be exploited by malicious people to enumerate files on an affected system and compromise a vulnerable system.
1) Input passed via POST parameters to wp-content/plugins/wpmarketplace/uploadify/check.php is not properly sanitised before being used in a file-existence check. By supplying directory traversal sequences (e.g. "../") in the parameters, an attacker can learn whether arbitrary files exist outside the intended upload folder, including files elsewhere on the server's filesystem.
2) The wp-content/plugins/wpmarketplace/uploadify/uploadify.php script allows upload of files with arbitrary extensions to a folder inside the webroot. Because the destination is web-accessible, this can be exploited to execute arbitrary PHP code by uploading a malicious PHP script and then requesting it over HTTP.
The weakness and vulnerability are confirmed in version 1.2.1. Prior versions may also be affected.
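The following PHP is an added illustration of the two flaw patterns described above and of a hardened equivalent; it is not code from the WP Marketplace plugin or from Secunia, and the parameter names (folder, Filedata), the upload directory and the extension allow-list are assumptions chosen to mirror a typical Uploadify-style handler.

```php
<?php
// Added example, not the plugin's own code. Assumed fixed upload location
// and allow-lists; adjust for the real deployment.
define('UPLOAD_DIR', '/var/www/html/wp-content/uploads/wpmarketplace'); // assumed
const ALLOWED_EXT  = ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'zip'];       // assumed
const ALLOWED_MIME = ['image/jpeg', 'image/png', 'image/gif',
                      'application/pdf', 'application/zip'];            // assumed

// Weakness 1 pattern: the caller controls both the folder and the file
// names fed to file_exists(). "../" is resolved, so folder=../../.. with a
// value of wp-config.php tells the caller whether that file exists.
function check_unsafe(array $post): array {
    $found = [];
    foreach ($post as $key => $value) {
        if ($key === 'folder') { continue; }
        if (file_exists($_SERVER['DOCUMENT_ROOT'] . $post['folder'] . '/' . $value)) {
            $found[$key] = $value;
        }
    }
    return $found;
}

// Hardened path builder: ignore any client-supplied folder, reduce the name
// to its basename, require a single conservative extension from the
// allow-list, and pin the result under the realpath() of UPLOAD_DIR.
function safe_target(string $name): ?string {
    $base = basename($name);
    if ($base === '' || $base === '.' || $base === '..') { return null; }
    // Exactly one dot: rejects "shell.php.jpg", which Apache's multi-extension
    // handling may still run as PHP, and rejects hidden files like ".htaccess".
    if (!preg_match('/^[A-Za-z0-9_-]{1,100}\.[A-Za-z0-9]{1,8}$/', $base)) { return null; }
    $ext = strtolower(pathinfo($base, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) { return null; }
    $dir = realpath(UPLOAD_DIR);
    if ($dir === false) { return null; }
    return $dir . DIRECTORY_SEPARATOR . $base;
}

// Hardened existence check: only reports files inside the upload directory.
function check_safe(array $post): array {
    $found = [];
    foreach ($post as $key => $value) {
        if ($key === 'folder' || !is_string($value)) { continue; }
        $target = safe_target($value);
        if ($target !== null && is_file($target)) {
            $found[$key] = basename($target);
        }
    }
    return $found;
}

// Vulnerability 2 pattern: arbitrary name and extension written under the
// webroot, so "backdoor.php" becomes reachable over HTTP.
function upload_unsafe(array $files, array $post): ?string {
    if (empty($files['Filedata'])) { return null; }
    $target = $_SERVER['DOCUMENT_ROOT'] . $post['folder'] . '/' . $files['Filedata']['name'];
    return move_uploaded_file($files['Filedata']['tmp_name'], $target) ? $target : null;
}

// Hardened upload: allow-listed extension via safe_target(), server-side
// MIME sniff of the temp file, non-executable permissions. In a WordPress
// handler this must also sit behind check_ajax_referer() and
// current_user_can() so only authorised users reach it.
function upload_safe(array $files): ?string {
    if (empty($files['Filedata']) || $files['Filedata']['error'] !== UPLOAD_ERR_OK) { return null; }
    if (!is_uploaded_file($files['Filedata']['tmp_name'])) { return null; }
    $target = safe_target($files['Filedata']['name']);
    if ($target === null) { return null; }
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($files['Filedata']['tmp_name']);
    if (!in_array($mime, ALLOWED_MIME, true)) { return null; }
    if (!move_uploaded_file($files['Filedata']['tmp_name'], $target)) { return null; }
    chmod($target, 0644);
    return $target;
}
```

Even with the hardened handler, the upload directory should be served with PHP execution disabled (for example an Apache `php_flag engine off` or a `<FilesMatch "\.ph(p[0-9]?|tml)$"> Require all denied </FilesMatch>` rule in that directory, or an equivalent nginx location block that never passes the path to php-fpm), so that a future bypass of the name filter does not turn into code execution.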
 
Solution:
Update to version 1.2.2.
 
References:
 
Secunia:
Created: 22 Farvardin 1391 (10 April 2012)