Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
WordPress Plugin Uploadify Remote File Upload (1.0) - Vulnerability Database

WordPress Plugin Uploadify Remote File Upload (1.0)

Description

WordPress Plugin Uploadify is prone to a vulnerability that lets attackers upload arbitrary files. Successful exploitation of the vulnerability allows an attacker to upload a php code for example and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation. WordPress Plugin Uploadify version 1.0 is vulnerable.

Remediation

Disable the plugin

References

http://packetstormsecurity.com/files/view/98652/wpuploadify-shell.txt
http://www.securityfocus.com/archive/1/516646/30/0/threaded

Related Vulnerabilities

WordPress Plugin Simple:Press Security Bypass and Arbitrary File Upload Vulnerabilities (4.1.2) High
Common tags: Missing Update Unauthenticated File Upload
WordPress Plugin Hungred Post Thumbnail 'hpt_file_upload.php' Arbitrary File Upload (2.1.9) High
Common tags: Missing Update Unauthenticated File Upload
WordPress Plugin LB Mixed Slideshow 'upload.php' Arbitrary File Upload (1.0) High
Common tags: Missing Update Unauthenticated File Upload
WordPress Plugin Katalyst TimThumb 'timthumb.php' Arbitrary File Upload (1.0) High
Common tags: Missing Update Unauthenticated File Upload
WordPress Plugin Advanced Custom Fields (ACF) Arbitrary File Upload (5.12.2) High
Common tags: Missing Update Unauthenticated File Upload

Severity

High

Classification

CWE-20
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update
Unauthenticated File Upload