CVE-2014-9308

Name of the Vulnerable Software and Affected Versions WP EasyCart plugin versions prior to 3.0.9

Description The issue allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension to the products/banners/ directory, then accessing it via a direct request. This is due to an unrestricted file upload vulnerability in the inc/amfphp/administration/banneruploaderscript.php file.

Recommendations For versions prior to 3.0.9, update to version 3.0.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the banneruploaderscript.php file and the products/banners/ directory to minimize the risk of exploitation. Avoid using the file upload feature in the administration panel until the issue is resolved.