|
Description
|
|
Two vulnerabilities have been discovered in the Uploader plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system.
1) Input passed via the "blog" GET parameter to wp-content/plugins/uploader/views/notify.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
2) The wp-content/plugins/uploader/uploadify/uploadify.php script allows the upload of files with arbitrary extensions to a folder inside the webroot. This can be exploited to upload arbitrary files inside the webroot and e.g. execute arbitrary PHP code.
The vulnerabilities are confirmed in version 1.0.4. Other versions may also be affected.
|
