Japan Vulnerability Notes JVN:87863382
Sep 25, 2014 - 12:00 a.m.

JVN#87863382: N-Media file uploader vulnerability in handling uploaded files

2014-09-25 00:00:00
Japan Vulnerability Notes
jvn.jp

CVSS2: 6.5

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

EPSS: 0.002
Percentile: 59.9%

N-Media file uploader is a plugin for WordPress. N-Media file uploader contains a vulnerability (CWE-264) in the way it handles uploaded files. As a result, an arbitrary PHP script which is uploaded may be executed.

Impact

A user with “Author” privileges and above may execute an arbitrary command on the server.

Solution

Update the software
Update to the latest version according to the information provided by the developer and modify the settings for file types that are allowed to be uploaded.

Products Affected

  • N-Media file uploader versions prior to 3.4
