Neosense Theme <= 1.7 - Unrestricted File Upload

Sign up to our free email alerts service for instant vulnerability notifications!

Description
Neosense is a commercial WordPress theme by dynamicpress.

Version 1.7 (and possibly earlier) includes in its theme directory a copy of the "qquploader" ajax file uploader, which does not verify user authorization.

Using this uploader, an attacker can upload any file to the site. The uploaded file is placed in the wp-content/uploads/YYYY/mm directory, which is normally writable.

The vulnerability can be used to achieve remote code execution by uploading a PHP script with extension .php or .phtml.

Affects

Theme
fixed in version 1.8

References

URL https://themeforest.net/item/neosense-multipurpose-wordpress-theme/6363229
URL https://lifeforms.nl/20160919/unrestricted-upload-neosense
URL http://seclists.org/fulldisclosure/2016/Sep/48

Classification

Type UPLOAD
CWE CWE-434

Miscellaneous

Submitter Walter Hop
Submitter Website https://lifeforms.nl/
Views 618
Verified No
WPVDB ID 8622

Timeline

Publicly Published 2016-09-19 (3 months ago)
Added 2016-09-20 (3 months ago)
Last Updated 2016-09-20 (3 months ago)

Copyright & License

Copyright All data and resources contained within this page and this web site is Copyright © The WPScan Team.
License Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.