N-Media Website Contact Form with File Upload <= 1.3.4 - Arbitrary File Upload
Description | The "upload_file()" ajax function is affected from unrestricted file upload vulnerability. |
Proof of Concept |
|
Affects Plugin
fixed in version 1.4
|
References
EXPLOITDB | 36738 |
METASPLOIT | exploit/unix/webapp/wp_nmediawebsite_file_upload |
PACKETSTORM | 131413 |
PACKETSTORM | 131514 |
URL | http://www.homelab.it/index.php/2015/04/12/wordpress-n-media-website-contact-form-shell-upload/ |
Classification
Type | UPLOAD |
CWE | CWE-434 |
Miscellaneous
Submitter | Claudio Viviani |
Submitter Website | http://www.homelab.it |
Submitter Twitter | homelabit |
Views | 2283 |
Verified | Yes |
WPVDB ID | 7896 |
Timeline
Publicly Published | 2015-04-12 (almost 4 years ago) |
Added | 2015-04-13 (almost 4 years ago) |
Last Updated | 2015-05-15 (almost 4 years ago) |
Copyright & License
Copyright | All data and resources contained within this page and this web site is Copyright © The WPScan Team. |
License | Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us. |