Vulnerabilities > CVE-2012-3574 - Unspecified vulnerability in Tbelmans MM Forms Community 2.2.5/2.2.6

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
tbelmans
wordpress
exploit available

Summary

Unrestricted file upload vulnerability in includes/doajaxfileupload.php in the MM Forms Community plugin 2.2.5 and 2.2.6 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/temp.

Vulnerable Configurations

Part Description Count
Application
Tbelmans
2
Application
Wordpress
1

Exploit-Db

descriptionWordpress MM Forms Community Plugin 2.2.6 - Arbitrary File Upload. CVE-2012-3574. Webapps exploit for php platform
fileexploits/php/webapps/18997.php
idEDB-ID:18997
last seen2016-02-02
modified2012-06-06
platformphp
port
published2012-06-06
reporterSammy FORGIT
sourcehttps://www.exploit-db.com/download/18997/
titleWordPress MM Forms Community Plugin 2.2.6 - Arbitrary File Upload
typewebapps