Lucene search

RedhatCVE-2013-7102

HistoryDec 23, 2013 - 11:55 p.m.

CVE-2013-7102

2013-12-2323:55:04

CWE-20

redhat

web.nvd.nist.gov

cve

2013

7102

file upload

vulnerability

optimizepress

wordpress

remote code execution

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.179

Percentile

96.3%

JSON

Multiple unrestricted file upload vulnerabilities in (1) media-upload.php, (2) media-upload-lncthumb.php, and (3) media-upload-sq_button.php in lib/admin/ in the OptimizePress theme before 1.61 for WordPress allow remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images_comingsoon, images_lncthumbs, or images_optbuttons in wp-content/uploads/optpress/, as exploited in the wild in November 2013.

Affected configurations

Nvd

Node

optimizepressoptimizepressRange≤1.60---wordpress

VendorProductVersionCPE
optimizepressoptimizepress*cpe:2.3:a:optimizepress:optimizepress:*:-:-:*:-:wordpress:*:*

Vendor	Product	Version	CPE
optimizepress	optimizepress	*	cpe:2.3:a:optimizepress:optimizepress::-:-::-:wordpress::

References

blog.sucuri.net/2013/12/wordpress-optimizepress-theme-file-upload-vulnerability.html

help.optimizepress.com/customer/portal/articles/1381790-important-optimizepress-1-0-security-update

seclists.org/fulldisclosure/2013/Dec/127

www.osirt.com/2013/11/wordpress-optimizepress-hack-file-upload-vulnerability/

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.179

Percentile

96.3%

JSON

Related for CVE-2013-7102