Description
Multiple vulnerabilities have been discovered in the Contus HD FLV Player plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks and compromise a vulnerable system.
1) Input passed via the "playid" and "listItem" parameters to wp-content/plugins/contus-hd-flv-player/process-sortable.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
2) The wp-content/plugins/contus-hd-flv-player/uploadVideo.php script improperly validates uploaded files, which can be exploited to execute arbitrary PHP code by uploading a PHP file with e.g. an appended ".gif" file extension.
Successful exploitation of this vulnerability requires that Apache is not configured to handle the MIME type for media files with e.g. a ".gif" extension (by default, Apache is configured to handle it).
The vulnerabilities are confirmed in version 1.7. Other versions may also be affected.
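The input checks whose absence items 1 and 2 describe, as an added example that is not the plugin's code or a vendor patch. The function names, the extension allow-list and the assumption that "listItem" may arrive as an array are hypothetical.

```php
<?php
// Added example: hypothetical helpers, not code from the plugin.

// Item 1: ids that end up in SQL must be plain non-negative integers.
function hdflv_clean_id($value): ?int
{
    if (!is_string($value) || !ctype_digit($value) || strlen($value) > 9) {
        return null; // rejects '', '42 OR 1=1', nested arrays
    }
    return (int) $value;
}

// Accepts one value or a list (assumption: listItem may arrive as an array).
function hdflv_clean_id_list($values): ?array
{
    $ids = [];
    foreach ((array) $values as $v) {
        if (($id = hdflv_clean_id($v)) === null) {
            return null; // one bad element rejects the whole request
        }
        $ids[] = $id;
    }
    return $ids === [] ? null : $ids;
}

// Item 2: constructed allow-list; adjust to the media types actually needed.
const HDFLV_ALLOWED_EXT = ['gif', 'jpg', 'jpeg', 'png', 'flv', 'mp4'];

function hdflv_stored_name(string $clientName): ?string
{
    $base  = basename(str_replace('\\', '/', $clientName));
    $parts = explode('.', $base);
    // Require exactly "name.ext": 'clip.php.gif' has two dots and is refused.
    if (count($parts) !== 2 || $parts[0] === '') {
        return null;
    }
    $ext = strtolower($parts[1]);
    if (!in_array($ext, HDFLV_ALLOWED_EXT, true)) {
        return null;
    }
    // Store under a server-generated name, never the client-supplied one.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed inputs for a quick run from the CLI.
var_dump(hdflv_clean_id('42'), hdflv_clean_id('42 OR 1=1'));
var_dump(hdflv_clean_id_list(['3', '1', '2']), hdflv_clean_id_list(['3', 'x']));
var_dump(hdflv_stored_name('clip.gif'), hdflv_stored_name('clip.php.gif'));
```

Inside WordPress, the validated integers should still be bound through `$wpdb->prepare()` with `%d` placeholders rather than concatenated into the query string.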