CVE-2012-3576 – IDB Ecommerce (wpStoreCart 5) < 2.5.30 - Arbitrary File Upload

https://notcve.org/view.php?id=CVE-2012-3576

Unrestricted file upload vulnerability in php/upload.php in the wpStoreCart plugin before 2.5.30 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/wpstorecart. Vulnerabilidad de subida de fichero sin restricción en php/upload.php del plugin wpStoreCart en versiones anteriores a la 2.5.30 de WordPress. Permite a usuarios remotos ejecutar código arbitrario subiendo un archivo con una extensión de ejecutable y, después, accediendo a él a través de una petición directa al fichero en uploads/wpstorecart. • https://www.exploit-db.com/exploits/19023 http://plugins.trac.wordpress.org/changeset?old_path=%2Fwpstorecart&old=555124&new_path=%2Fwpstorecart&new=555124 http://secunia.com/advisories/49459 http://wordpress.org/extend/plugins/wpstorecart/changelog http://www.exploit-db.com/exploits/19023 https://exchange.xforce.ibmcloud.com/vulnerabilities/76166 • CWE-264: Permissions, Privileges, and Access Controls CWE-434: Unrestricted Upload of File with Dangerous Type •