WordPress OptimizePress Plugin Arbitrary File Upload Vulnerability
IRCAD2013123056
ID: IRCAD2013123056
Release Date: 2013-12-13
Criticality level: Highly critical
Software:
WordPress OptimizePress Plugin 1.x
Description:
A vulnerability has been reported in the OptimizePress plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to the /wp-content/themes/OptimizePress/lib/admin/media-upload.php script improperly validating the extension of an uploaded file. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script.
The vulnerability is reported in versions prior to 1.6.
Solution
Update to version 1.6.
References:
OptimizePress:
OSIRT:
Secunia:
http://secunia.com/advisories/55957/
نوشته
 |
|
| تاریخ ایجاد: | 28 آذر 1392 |
نظرات