CVE-2008-6811 – Instinct WP e-Commerce <= 3.4 - Arbitrary File Upload

https://notcve.org/view.php?id=CVE-2008-6811

Unrestricted file upload vulnerability in image_processing.php in the e-Commerce Plugin 3.4 and earlier for Wordpress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/plugins/wp-shopping-cart/. Vulnerabilidad de carga de archivos sin restricciones en image_processing.php en e-Commerce Plugin v3.4 y anteriores para Wordpress, permite a atacantes remotos ejecutar código de su elección subiendo un fichero con extensión ejecutable, y luego accediendo a él mediante una petición directa al fichero en wp-content/plugins/wp-shopping-cart/. • https://www.exploit-db.com/exploits/6867 http://www.securityfocus.com/bid/31982 https://exchange.xforce.ibmcloud.com/vulnerabilities/46224 • CWE-434: Unrestricted Upload of File with Dangerous Type •