WordPress WP e-Commerce Plugin Multiple Security Vulnerabilities

2014-01-24T00:00:00
ID EDB-ID:39063
Type exploitdb
Reporter KedAns-Dz
Modified 2014-01-24T00:00:00

Description

WordPress WP e-Commerce Plugin Multiple Security Vulnerabilities. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/65130/info

The WP e-Commerce plugin for WordPress is prone to multiple security vulnerabilities, including:

1. Multiple remote code-execution vulnerabilities.
2. A local file-include vulnerability
3. An arbitrary file-upload vulnerability

An attacker can exploit these issues to execute arbitrary code, include arbitrary local files, upload arbitrary files to the affected computer that may result in arbitrary code execution within the context of the vulnerable application.

WP e-Commerce 3.8.9.5 is vulnerable; other versions may also be affected. 

Local file-include
http://www.example.com/wp-e-commerce/wpsc-includes/misc.functions.php?image_name=[LFI]

Remote code-execution
http://www.example.com/wp-e-commerce/wpsc-admin/ajax.php?wpsc_action=[CMD]
http://www.example.com/wp-e-commerce/wpsc-admin/display-sales-logs.php?c=[CMD]