EUVD-2015-1021

Malware in sbrugna...

VulnCheck KEV: CVE-2015-1000013

Remote file upload vulnerability in wordpress plugin csv2wpec-coupon v1.1...

Wordpress csv2wpec-coupon plugin arbitrary file upload vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Software Foundation. csv2wpec-coupon is one of the plugins that provides import/export WP e-commerce coupons. An arbitrary file upload vulnerability exists in version v1.1 of the Wordpress csv2wpec-coupon...

CVE-2015-1000013

Remote file upload vulnerability in wordpress plugin csv2wpec-coupon v1.1...

Design/Logic Flaw

Remote file upload vulnerability in wordpress plugin csv2wpec-coupon v1.1...

CVE-2015-1000013

Remote file upload vulnerability in wordpress plugin csv2wpec-coupon v1.1...

CVE-2015-1000013

CVE-2015-1000013 affects WordPress plugin csv2wpec-coupon v1.1. The vulnerability is an arbitrary file upload via csv2wpecCoupon_FileUpload.php caused by improper input sanitization of the uploaded file. The provided PoC indicates unauthenticated remote file upload is possible, using a crafted re...

Csv2WPeC Coupon <= 1.1 - Unauthenticated Remote File Upload

The code in csv2wpecCouponFileUpload.php does not properly sanitize user input, it checks the file mime-type for type x-php but this can be tricked when using the short code for "; $uploadfile="/var/www/s.pht"; $ch =...