CVE-2015-2194 – Fusion <= 3.1 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2015-2194
Unrestricted file upload vulnerability in the fusion_options function in functions.php in the Fusion theme 3.1 for Wordpress allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension in a fusion_save action, then accessing it via unspecified vectors. Vulnerabilidad de la subida de ficheros sin restricciones en la función fusion_options en functions.php en el tema Fusion 3.1 para Wordpress permite a usuarios remotos autenticados ejecutar código arbitrario mediante la subida de un fichero con una extensión ejecutable en una acción fusion_save, y posteriormente accediendo a ello a través de vectores no especificados. • http://packetstormsecurity.com/files/130397/WordPress-Fusion-3.1-Arbitrary-File-Upload.html http://www.securityfocus.com/bid/75341 https://wpvulndb.com/vulnerabilities/7795 • CWE-434: Unrestricted Upload of File with Dangerous Type •