‫ WordPress OptimizePress Plugin Arbitrary File Upload Vulnerability

IRCAD2013123056

ID: IRCAD2013123056

Release Date: 2013-12-13

Criticality level: Highly critical

Software:

WordPress OptimizePress Plugin 1.x

Description:

A vulnerability has been reported in the OptimizePress plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to the /wp-content/themes/OptimizePress/lib/admin/media-upload.php script improperly validating the extension of an uploaded file. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script.

The vulnerability is reported in versions prior to 1.6.

Solution

Update to version 1.6.

References:

OptimizePress:

http://help.optimizepress.com/customer/portal/articles/1381790-important-optimizepress-1-0-security-update

OSIRT:

http://www.osirt.com/2013/11/wordpress-optimizepress-hack-file-upload-vulnerability

Secunia:

http://secunia.com/advisories/55957/

نظرات

بدون نظر

شما برای نظر دادن باید وارد شوید

نوشته


تاریخ ایجاد:	28 آذر 1392

دسته‌ها

راهنمایی امنیتی آرشیو

امتیاز

امتیاز شما

تعداد امتیازها:0

مرکز مدیریت امداد و هماهنگی عملیات رخدادهای رایانه‌ای

ورود به حساب کاربری

‫ WordPress OptimizePress Plugin Arbitrary File Upload Vulnerability

نظرات

نوشته

دسته‌ها

امتیاز

بایگانی