CVE-2012-3576 – IDB Ecommerce (wpStoreCart 5) < 2.5.30 - Arbitrary File Upload

https://notcve.org/view.php?id=CVE-2012-3576

06 Mar 2012 — Unrestricted file upload vulnerability in php/upload.php in the wpStoreCart plugin before 2.5.30 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/wpstorecart. Vulnerabilidad de subida de fichero sin restricción en php/upload.php del plugin wpStoreCart en versiones anteriores a la 2.5.30 de WordPress. Permite a usuarios remotos ejecutar código arbitrario subiendo un archivo con una e... • https://www.exploit-db.com/exploits/19023 • CWE-264: Permissions, Privileges, and Access Controls CWE-434: Unrestricted Upload of File with Dangerous Type •