15 matches found
File Upload Vulnerability in Mailcwp
WordPress is the WordPress Software Foundation's suite of blogging platforms developed using the PHP language, which supports personal blogging sites on servers running PHP and MySQL.The MailCWP plugin allows users to access email directly through a WordPress blog or website. A file upload...
CVE-2016-1000156
Mailcwp remote file upload vulnerability incomplete fix v1.100...
CVE-2016-1000156
Mailcwp remote file upload vulnerability incomplete fix v1.100...
Design/Logic Flaw
Mailcwp remote file upload vulnerability incomplete fix v1.100...
CVE-2016-1000156
CVE-2016-1000156 describes a remote file upload vulnerability in the MailCWP WordPress plugin. The vulnerability stems from incomplete/insufficient hardening of the file upload path, enabling an attacker to upload arbitrary files (potentially a web shell) to the WordPress site. Public references ...
CVE-2016-1000156
Mailcwp remote file upload vulnerability incomplete fix v1.100...
Design/Logic Flaw
Remote file upload vulnerability in mailcwp v1.99 wordpress plugin...
CVE-2015-1000000
Remote file upload vulnerability in mailcwp v1.99 wordpress plugin...
CVE-2015-1000000
Remote file upload vulnerability in mailcwp v1.99 wordpress plugin...
CVE-2015-1000000
CVE-2015-1000000 affects the MailCWP WordPress plugin (around v1.99/v1.100) via an unauthenticated arbitrary file upload vulnerability. The root cause is improper access control in the upload logic (mailcwp-upload.php), allowing any user to upload a file without authentication or type checks, pot...
WordPress MailCWP plugin 'mailcwp-upload.php' arbitrary file upload vulnerability
WordPress is the WordPress Software Foundation's suite of blogging platforms developed using the PHP language, which supports personal blogging sites on servers running PHP and MySQL.The MailCWP plugin allows users to access email directly through a WordPress blog or website. The MailCWP plugin h...
WordPress Mailcwp 1.99 Shell Upload Exploit
WordPress Mailcwp plugin version 1.99 suffers from a remote shell upload vulnerability. Title: Remote file upload vulnerability in mailcwp v1.99 wordpress plugin Author: Larry W. Cashdollar, @larry0 Date: 2015-07-09 Download Site: https://wordpress.org/plugins/mailcwp/ Vendor: CadreWorks Pty Ltd...
WordPress Mailcwp 1.99 Shell Upload
Title: Remote file upload vulnerability in mailcwp v1.99 wordpress plugin Author: Larry W. Cashdollar, @larry0 Date: 2015-07-09 Download Site: https://wordpress.org/plugins/mailcwp/ Vendor: CadreWorks Pty Ltd Vendor Notified: 2015-07-09 fixed in v1.110 Vendor Contact: Contact Page via WP site...
WordPress MailCWP Plugin <= 1.99 - Arbitrary File Upload
This plugin is prone to a arbitrary file upload vulnerability, because the code in mailcwp-upload.php doesn't check that a user is authenticated or what type of file is being uploaded. Solution Update the plugin...
MailCWP 1.100 - Unauthenticated Arbitrary File Upload
The code in mailcwp-upload.php doesn't check that a user is authenticated or what type of file is being uploaded any user can upload a shell to the target WordPress server: Exploitation requires the attacker to guess a writeable location in the http server root...