WordPress Relocate Upload Plugin "abspath" File Inclusion Vulnerability

ID:IRCAD2012021719
Release Date: 2012-02-14
Criticality level: Highly critical
Software:
WordPress Relocate Upload Plugin 0.x
Description:
A vulnerability has been discovered in the Relocate Upload plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.
Input passed via the "abspath" parameter to wp-content/plugins/relocate_upload/relocate-upload.php (when "ru_folder" is set) is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources.
The vulnerability is confirmed in version 0.14. Prior versions may also be affected.
Solution:
Update to version 0.20.
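
To check whether a site was probed before the update, web server access logs can be searched for requests to the affected script. The sketch below is an added example, not part of the advisory or the plugin's code; it assumes logs in Apache/nginx "combined" format, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script path and parameter names are the ones given in the advisory.
VULN_PATH = "/wp-content/plugins/relocate_upload/relocate-upload.php"
# Assumption: logs are in Apache/nginx "combined" format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.\-]*://", re.I)

def classify(line):
    """Return a finding dict for requests to the plugin script, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    # The site may live in a subdirectory, so match on the path suffix.
    if not url.path.lower().endswith(VULN_PATH):
        return None
    params = parse_qs(url.query, keep_blank_values=True)  # percent-decodes values
    finding = {"ip": m.group("ip"), "status": int(m.group("status")),
               "ru_folder": "ru_folder" in params, "abspath": None}
    if "abspath" not in params:
        # POST bodies are not logged, so the parameter may still have been sent.
        finding["kind"] = "script-hit"
    else:
        finding["abspath"] = params["abspath"][0]
        finding["kind"] = ("url-scheme" if SCHEME_RE.match(finding["abspath"])
                           else "local-path")
    return finding

def scan(lines):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, lines) if f]

# Constructed sample log lines (documentation IP ranges, .invalid host name).
SAMPLE = [
    '203.0.113.7 - - [14/Feb/2012:10:01:02 +0000] "GET /wp-content/plugins/relocate_upload/relocate-upload.php?ru_folder=1&abspath=http%3A%2F%2Fhost.example.invalid%2F HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.7 - - [14/Feb/2012:10:01:09 +0000] "GET /blog/wp-content/plugins/relocate_upload/relocate-upload.php?ru_folder=1&abspath=/srv/www/site/ HTTP/1.1" 200 90 "-" "-"',
    '198.51.100.4 - - [14/Feb/2012:10:02:00 +0000] "POST /wp-content/plugins/relocate_upload/relocate-upload.php HTTP/1.1" 200 20 "-" "-"',
    '198.51.100.9 - - [14/Feb/2012:10:03:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2048 "-" "-"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A "url-scheme" finding means the logged "abspath" value pointed at an external resource; any finding on a host still running a version before 0.20 is a reason to review what the server did in response.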
References:
Secunia:
