WordPress Rich Widget Plugin Arbitrary File Upload Vulnerability

2012-08-22T00:00:00
ID EDB-ID:37653
Type exploitdb
Reporter Crim3R
Modified 2012-08-22T00:00:00

Description

WordPress Rich Widget Plugin Arbitrary File Upload Vulnerability. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/55174/info

The Rich WidgetPlugin for WordPress is prone to an arbitrary file-upload vulnerability.

An attacker can exploit this issue to upload arbitrary PHP code and run it in the context of the Web server process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. 

http://www.example.com/wp-content/plugins/rich-widget/fckeditor/editor/filemanager/connectors/test.html