Aviary Image Editor Add-on For Gravity Forms <= 3.0beta - Unauthenticated File UploadSign up to our free email alerts service for instant vulnerability notifications!
There is a remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms/includes/upload.php. An unauthenticated user can upload any file to the system, including PHP files. upload.php does not check that the user is authenticated and a simple POST request will allow arbitrary code to be uploaded to the server.
|Submitter||Larry W. Cashdollar|
|Publicly Published||2015-06-09 (almost 3 years ago)|
|Added||2015-06-09 (almost 3 years ago)|
|Last Updated||2015-06-16 (almost 3 years ago)|
Copyright & License
|Copyright||All data and resources contained within this page and this web site is Copyright © The WPScan Team.|
|License||Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.|