
WordPress Business Intelligence Lite Plugin Arbitrary File Upload Vulnerability

IRCAD2014033230

Number: IRCAD2014033230
Date: 2014/03/31

Software:

WordPress Business Intelligence Lite Plugin 1.x

Description:

A vulnerability has been reported in the Business Intelligence Lite plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused by the wp-content/plugins/wp-business-intelligence-lite/resources/open-flash-chart/php-ofc-library/ofc_upload_image.php script, which allows files with arbitrary extensions to be uploaded to a folder inside the webroot. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script.

The vulnerability is reported in version 1.0.6. Other versions may also be affected.

Solution:

Update to version 1.1.
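
For sites that ran an affected version, the access log can show whether the upload script was reached before the update. The following triage script is an added example, not part of the original advisory or the plugin. It assumes the Apache/nginx "combined" log format, and its follow-up rule (a client that got a 2xx from the upload script later gets a 2xx for another .php file) is a heuristic for analyst review. The sample log lines are constructed.

```python
import re

# Script path as given in the advisory; matched as a suffix so installs in a
# subdirectory (e.g. /blog/wp-content/...) are covered too.
UPLOAD_SCRIPT = ("/wp-content/plugins/wp-business-intelligence-lite/resources/"
                 "open-flash-chart/php-ofc-library/ofc_upload_image.php")

# Assumption: Apache/nginx "combined" access-log format.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) ')

def triage(lines):
    """Return (script_requests, followups) as lists of
    (timestamp, client, method, uri, status) tuples, in log order."""
    script_requests, followups, suspects = [], [], set()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        path = m["uri"].split("?", 1)[0].lower()
        rec = (m["ts"], m["ip"], m["method"], m["uri"], m["status"])
        accepted = m["status"].startswith("2")
        if path.endswith(UPLOAD_SCRIPT):
            script_requests.append(rec)
            if accepted:
                suspects.add(m["ip"])  # the server ran the upload script
        elif accepted and m["ip"] in suspects and path.endswith(".php"):
            # Heuristic of this example: a client that reached the upload
            # script later gets a 2xx for some other PHP file.
            followups.append(rec)
    return script_requests, followups

def _line(ip, sec, method, uri, status):
    return (f'{ip} - - [31/Mar/2014:10:00:{sec:02d} +0000] '
            f'"{method} {uri} HTTP/1.1" {status} 128 "-" "-"')

# Constructed sample log: documentation-range addresses, invented file names.
PLUGIN = "/wp-content/plugins/wp-business-intelligence-lite"
SAMPLE = [
    _line("192.0.2.10", 1, "GET", "/index.php", 200),
    _line("203.0.113.5", 2, "GET", UPLOAD_SCRIPT, 404),
    _line("198.51.100.7", 3, "POST", "/blog" + UPLOAD_SCRIPT, 200),
    _line("198.51.100.7", 4, "GET",
          "/blog" + PLUGIN + "/resources/constructed-example.php", 200),
    _line("203.0.113.5", 5, "GET", "/wp-login.php", 200),
    _line("198.51.100.7", 6, "GET", "/blog/style.css", 200),
]

if __name__ == "__main__":
    for label, rows in zip(("upload script", "follow-up"), triage(SAMPLE)):
        for row in rows:
            print(label, *row)
```

Any file named in a follow-up row should be located on disk and examined before it is removed, and the log window searched should reach back to when the affected version was installed.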

Resources:

Business Intelligence Lite:

Manish Kishan Tanwar:

secunia:

http://secunia.com/advisories/57590/


Created: 16 Farvardin 1393