WordPress Plugin Enable Media Replace SQL Injection and Arbitrary File Upload Vulnerabilities (2.3) - Vulnerability Database

WordPress Plugin Enable Media Replace SQL Injection and Arbitrary File Upload Vulnerabilities (2.3)

Description

WordPress Plugin Enable Media Replace is prone to an SQL injection vulnerability and an arbitrary file upload vulnerability because it fails to sanitize user-supplied data. Exploiting these issues could allow an attacker to compromise the application, execute arbitrary code, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress Plugin Enable Media Replace version 2.3 is vulnerable; other versions may also be affected.

Remediation

Update to plugin version 2.4 or latest

References

http://www.securityfocus.com/bid/46286/exploit

http://www.exploit-db.com/exploits/16144/

http://secunia.com/advisories/43256

https://wordpress.org/plugins/enable-media-replace/changelog/

Related Vulnerabilities

Severity

High

Classification

CWE-89

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N