PT-2012-4823 · N Media · Nmedia Member Conversation Plugin

Published

2012-06-17

Updated

2017-08-29

CVE-2012-3577

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Nmedia Member Conversation plugin versions prior to 1.4

Description The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the doupload.php file, and then accessing it via a direct request to the file in wp-content/uploads/user uploads.

Recommendations For versions prior to 1.4, update to version 1.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the doupload.php file to prevent unauthorized file uploads.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2012-3577

Affected Products

Nmedia Member Conversation Plugin

PT-2012-4823 · N Media · Nmedia Member Conversation Plugin

CVE-2012-3577

Weakness Enumeration

Related Identifiers

Affected Products

References · 9