Uploader Plugin for WordPress File Upload Arbitrary Code Execution

Nessus Plugin ID 64264 (Severity: High)

Synopsis

The remote web server contains a PHP script that allows for arbitrary file uploads.

Description

The Uploader Plugin for WordPress installed on the remote host is affected by a file upload vulnerability because it fails to properly verify or sanitize user-uploaded files. An unauthenticated, remote attacker can exploit this issue to upload files containing arbitrary code and then execute them on the remote host, subject to the permissions of the web server user ID.

Solution

Unknown at this time.

See Also

http://www.nessus.org/u?d052c6cc

Plugin Details

Severity: High

ID: 64264

File Name: wordpress_uploader_arbitrary_upload.nasl

Version: 1.11

Type: remote

Family: CGI abuses

Published: 1/28/2013

Updated: 6/6/2024

Supported Sensors: Nessus

Enable CGI Scanning: true

Vulnerability Information

CPE: cpe:/a:wordpress:wordpress

Required KB Items: installed_sw/WordPress, www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Vulnerability Publication Date: 12/28/2012

Reference Information

BID: 57112