CVE-2014-10021

Name of the Vulnerable Software and Affected Versions WP Symposium plugin version 14.11

Description The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the UploadHandler.php file in the WP Symposium plugin, and then accessing it via a direct request to the file in server/php/.

Recommendations For WP Symposium plugin version 14.11, consider disabling the UploadHandler.php file or restricting file uploads to prevent exploitation until a patch is available. Restrict access to the server/php/ directory to minimize the risk of exploitation. Avoid using executable file extensions in uploads until the issue is resolved.