CVE-2012-5318 – Kish Guest Posting <= 1.2 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2012-5318
Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with a double extension, then accessing it via a direct request to the file in the directory specified by the folder parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1125. Vulnerabilidad de subida de archivos sin restricción en uploadify/scripts/uploadify.php en el plugin v1.2 Kish Guest Posting para WordPress, permite a atacantes remotos ejecutar código de su elección subiendo un archivo con una doble extensión en su nombre, después accediendo al mismo a través de una petición al fichero en el directorio especificado por el parámetro folder. NOTA: esta vulnerabilidad existe debido a un parche incompleto para CVE-2012-1125. The Kish Guest Posting plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation when double extensions are supplied in the uploadify/scripts/uploadify.php file in versions up to, and including, 1.2. • https://www.exploit-db.com/exploits/18412 http://secunia.com/advisories/47688 http://www.openwall.com/lists/oss-security/2012/03/08/1 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2012-1125 – Kish Guest Posting <= 1.1 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2012-1125
Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin before 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the directory specified by the folder parameter. Vulnerabilidad de subida de archivos sin restricción en uploadify/scripts/uploadify.php en el plugin Kish Guest Posting anterior a v1.2 para WordPress, permite a atacantes remotos ejecutar código de su elección subiendo un archivo con una extensión PHP, después accediendo al mismo a través de una petición al fichero en el directorio especificado por el parámetro folder. The Kish Guest Posting plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadify/scripts/uploadify.php file in versions up to, and including, 1.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible. • https://www.exploit-db.com/exploits/18412 http://archives.neohapsis.com/archives/bugtraq/2012-01/0145.html http://plugins.svn.wordpress.org/kish-guest-posting/trunk/readme.txt http://plugins.trac.wordpress.org/changeset/403694/kish-guest-posting/trunk/uploadify/scripts/uploadify.php http://secunia.com/advisories/47688 http://www.exploit-db.com/exploits/18412 http://www.openwall.com/lists/oss-security/2012/03/06/11 http://www.openwall.com/lists/oss-security/2012/03/06/3 http • CWE-434: Unrestricted Upload of File with Dangerous Type •