‫ WordPress OptimizePress Plugin Arbitrary File Upload Vulnerability

IRCAD2013123056
ID: IRCAD2013123056
Release Date: 2013-12-13
Criticality level: Highly critical
Software:
WordPress OptimizePress Plugin 1.x
Description:
A vulnerability has been reported in the OptimizePress plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to the /wp-content/themes/OptimizePress/lib/admin/media-upload.php script improperly validating the extension of an uploaded file. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script.
The vulnerability is reported in versions prior to 1.6.
Solution
Update to version 1.6.
References:
OptimizePress:
OSIRT:
Secunia:
http://secunia.com/advisories/55957/

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 28 آذر 1392

امتیاز

امتیاز شما
تعداد امتیازها:0