CVE-2012-3574

Name of the Vulnerable Software and Affected Versions MM Forms Community plugin versions 2.2.5 through 2.2.6

Description The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the includes/doajaxfileupload.php file, and then accessing it via a direct request to the file in upload/temp.

Recommendations For MM Forms Community plugin versions 2.2.5 and 2.2.6, consider disabling the file upload functionality in includes/doajaxfileupload.php until a patch is available. Restrict access to the upload/temp directory to minimize the risk of exploitation.