WordPress File Upload <= 3.4.0 - Unauthenticated Malicious File UploadSign up to our free email alerts service for instant vulnerability notifications!
The WordPress plugin wp-file-upload does not adequately check the filetype before allowing it to be uploaded. It also uploaded files with execute permissions, allowing malicious payloads to be uploaded.
|Proof of Concept||
1. Install wp-file-upload on a WordPress site and activate it. 2. Create an upload form on a page. 3. Create a file named payload.php.....jpg with the contents <?php echo "You got pwnd"; 4. Use the form you created to upload this payload 5. Navigate to /wp-content/uploads/payload.php.....jpg and see "You got pwnd" printed.
fixed in version 3.4.1
|Publicly Published||2015-10-29 (over 1 year ago)|
|Added||2015-11-09 (over 1 year ago)|
|Last Updated||2015-11-09 (over 1 year ago)|
Copyright & License
|Copyright||All data and resources contained within this page and this web site is Copyright © The WPScan Team.|
|License||Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.|