Vulnerabilities > CVE-2012-5318 - Arbitrary File Upload vulnerability in Kishore Asokan Kish Guest Posting Plugin 1.2

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
kishore-asokan
wordpress
exploit available

Summary

Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with a double extension, then accessing it via a direct request to the file in the directory specified by the folder parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1125. Per: http://cwe.mitre.org/data/definitions/434.html 'CWE-434: Unrestricted Upload of File with Dangerous Type'

Vulnerable Configurations

Part Description Count
Application
Kishore_Asokan
1
Application
Wordpress
1

Exploit-Db

descriptionWordpress Kish Guest Posting Plugin 1.0 - Arbitrary File Upload. CVE-2012-1125,CVE-2012-5318. Webapps exploit for php platform
fileexploits/php/webapps/18412.php
idEDB-ID:18412
last seen2016-02-02
modified2012-01-23
platformphp
port
published2012-01-23
reporterEgiX
sourcehttps://www.exploit-db.com/download/18412/
titleWordPress Kish Guest Posting Plugin 1.0 - Arbitrary File Upload
typewebapps