PT-2021-8373 · Unknown+1 · Themify Framework+1

Published

2021-06-17

Updated

2021-06-23

CVE-2013-20002

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Elemin version before 1.2.2 Themify framework version before 1.2.2

Description The issue allows remote attackers to upload and execute arbitrary PHP code via the Themify framework. This is done through the wp-content/themes/elemin/themify/themify-ajax.php file.

Recommendations For Elemin version before 1.2.2, update to version 1.2.2 or later. For Themify framework version before 1.2.2, update to version 1.2.2 or later. As a temporary workaround, consider restricting access to the themify-ajax.php file until a patch is available.

Exploit

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2013-20002

Affected Products

Elemin

Themify Framework

PT-2021-8373 · Unknown+1 · Themify Framework+1

CVE-2013-20002

Weakness Enumeration

Related Identifiers

Affected Products

References · 6