WordPress WP Symposium Plugin Arbitrary File Upload Vulnerability


Description   Claudio Viviani has discovered a vulnerability in the WP Symposium plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused by the application not properly validating uploaded file types, which can be exploited to upload and execute arbitrary PHP code.
The vulnerability is confirmed in version 14.11. Prior versions may also be affected.
     
Vulnerable Products   Vulnerable Software:
WordPress WP Symposium Plugin
     
Solution   Update to version 14.12.
     
CVE  
     
References   Claudio Viviani:
http://www.homelab.it/index.php/2014/12/11/wordpress-wp-symposium-shell-upload/
     
Vulnerability Manager Detection   No
     
IPS Protection
ASQ Engine alarm | Available Since
Upload of a PHP file in a vulnerable web application | 5.0.0

Risk level   High
Vulnerability First Public Report Date   2014-12-22
Target Type   Server
Possible exploit   Remote