CVE-2014-2223

Name of the Vulnerable Software and Affected Versions Plogger versions 1.0 RC1 and earlier

Description The issue allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a PHP file and a non-zero length PNG file, then accessing the PHP file via a direct request to it in "plog-content/uploads/archive/".

Recommendations For Plogger versions 1.0 RC1 and earlier, restrict access to the plog-admin/plog-upload.php file to prevent unauthorized file uploads until a fix is available. As a temporary workaround, consider disabling the file upload functionality in plog-admin/plog-upload.php to minimize the risk of exploitation.