PT-2015-3665 · WordPress · Wp Symposium

Claudio Viviani

Published

2015-01-13

Updated

2018-10-30

CVE-2014-10021

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions WP Symposium plugin version 14.11

Description The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the UploadHandler.php file in the WP Symposium plugin, and then accessing it via a direct request to the file in server/php/.

Recommendations For WP Symposium plugin version 14.11, consider disabling the UploadHandler.php file or restricting file uploads to prevent exploitation until a patch is available. Restrict access to the server/php/ directory to minimize the risk of exploitation. Avoid using executable file extensions in uploads until the issue is resolved.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2014-10021

Affected Products

Wp Symposium

PT-2015-3665 · WordPress · Wp Symposium

CVE-2014-10021

Related Identifiers

Affected Products

References · 6