Vulnerabilities > CVE-2008-6811 - Unspecified vulnerability in Instinct E-Commerce Plugin

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

instinct

wordpress

exploit available

NVD

Published: 2009-05-18

Updated: 2017-09-29

Summary

Unrestricted file upload vulnerability in image_processing.php in the e-Commerce Plugin 3.4 and earlier for Wordpress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/plugins/wp-shopping-cart/.

Vulnerable Configurations

Part	Description	Count
Application	Instinct Instinct E Commerce Plugin *	1
Application	Wordpress Wordpress Wordpress *	1

Exploit-Db

description	Wordpress Plugin e-Commerce <= 3.4 Arbitrary File Upload Exploit. CVE-2008-6811. Webapps exploit for php platform
file	exploits/php/webapps/6867.pl
id	EDB-ID:6867
last seen	2016-02-01
modified	2008-10-29
platform	php
port
published	2008-10-29
reporter	t0pP8uZz
source	https://www.exploit-db.com/download/6867/
title	WordPress Plugin e-Commerce <= 3.4 - Arbitrary File Upload Exploit
type	webapps

Summary

Vulnerable Configurations

Exploit-Db

References