PT-2013-5885 · Lazy Seo · Lazy Seo

Acc3Ss

Published

2013-09-30

Updated

2017-08-29

CVE-2013-5961

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Lazy SEO plugin version 1.1.9

Description The issue allows remote attackers to execute arbitrary PHP code by uploading a PHP file and then accessing it via a direct request. This is due to an unrestricted file upload vulnerability in the lazyseo.php file.

Recommendations For version 1.1.9, update to a newer version that contains a fix for this issue, as the current version allows unrestricted file uploads that can be exploited to execute arbitrary PHP code.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2013-5961

Affected Products

Lazy Seo

PT-2013-5885 · Lazy Seo · Lazy Seo

CVE-2013-5961

Related Identifiers

Affected Products

References · 7