Lucene search

PRIOn knowledge basePRION:CVE-2012-1125

HistoryOct 08, 2012 - 5:55 p.m.

Unrestricted file upload

2012-10-0817:55:00

PRIOn knowledge base

www.prio-n.com

8.1 High

AI Score

Confidence

Low

0.042 Low

EPSS

Percentile

92.3%

JSON

Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin before 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the directory specified by the folder parameter.

CPENameOperatorVersion
kish_guest_posting_pluginle1.1
kish_guest_posting_plugineq1.0

CPE	Name	Operator	Version
	kish_guest_posting_plugin	le	1.1
	kish_guest_posting_plugin	eq	1.0

References

archives.neohapsis.com/archives/bugtraq/2012-01/0145.html

plugins.svn.wordpress.org/kish-guest-posting/trunk/readme.txt

plugins.trac.wordpress.org/changeset/403694/kish-guest-posting/trunk/uploadify/scripts/uploadify.php

secunia.com/advisories/47688

www.openwall.com/lists/oss-security/2012/03/06/11

www.openwall.com/lists/oss-security/2012/03/06/3

www.openwall.com/lists/oss-security/2012/03/08/1

www.osvdb.org/78479

www.securityfocus.com/bid/51638

exchange.xforce.ibmcloud.com/vulnerabilities/79563

www.exploit-db.com/exploits/18412