PT-2018-4247 · WordPress · Wordpress Flash Uploader Plugin

Seidr

Publicado

2018-04-25

Atualizado

2018-05-25

CVE-2014-5014

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions WordPress Flash Uploader plugin versions prior to 3.1.3

Description The issue allows remote attackers to execute arbitrary commands. This is related to invalid characters in the image magic path.

Recommendations For WordPress Flash Uploader plugin versions prior to 3.1.3, update to version 3.1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the image magic path configuration to minimize the risk of exploitation.

Correção

RCE

Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-77

Identificadores relacionados

CVE-2014-5014

Produtos afetados

Wordpress Flash Uploader Plugin

PT-2018-4247 · WordPress · Wordpress Flash Uploader Plugin

CVE-2014-5014

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4