WordPress VideoWhisper Live Streaming Integration任意文件上传漏洞

2014-03-06T00:00:00
ID SSV:61679
Type seebug
Reporter Root
Modified 2014-03-06T00:00:00

Description

Bugtraq ID:65866 CVE ID:CVE-2014-1905

WordPress是一种使用PHP语言开发的博客平台,用户可以在支持PHP和MySQL数据库的服务器上架设自己的网志。

WordPress VideoWhisper Live Streaming Integration所包含的"/wp-content/plugins/videowhisper-live-streaming-integration/ls/vw_snaps hots.php"在上传文件到服务器时没有正确校验恶意文件扩展,可导致远程攻击者上传和执行任意PHP文件。 0 WordPress VideoWhisper Live Streaming Integration 4.27.3 厂商补丁:

WordPress

WordPress VideoWhisper Live Streaming Integration 4.29.5已经修复该漏洞,建议用户下载更新: http://wordpress.org/plugins/videowhisper-live-streaming-integration/

                                        
                                            
                                                After successful exploitation the remote shell will be accessible via the following URL:

http://[host]/wp-content/plugins/videowhisper-live-streaming-integration
/ls/snapshots/1.php.jpg

Successful exploitation of this vulnerability requires that the webserver is not configured to handle the mime-type for media files with .jpg extension.