1 results (0.002 seconds)

CVSS: 9.8EPSS: 20%CPEs: 3EXPL: 4

Unrestricted file upload vulnerability in includes/doajaxfileupload.php in the MM Forms Community plugin 2.2.5 and 2.2.6 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/temp. Vulnerabilidad de subida de fichero sin restricción en includes/doajaxfileupload.php del complemento MM Forms Community 2.2.5 y 2.2.6 de WordPress. Permite a usuarios remotos ejecutar código arbitrario subiendo un archivo con una extensión de ejecutable y, después, accediendo a él a través de una petición directa al fichero en upload/temp. • https://www.exploit-db.com/exploits/18997 http://secunia.com/advisories/49411 http://www.exploit-db.com/exploits/18997 http://www.opensyscom.fr/Actualites/wordpress-plugins-mm-forms-community-shell-upload-vulnerability.html http://www.securityfocus.com/bid/53852 https://exchange.xforce.ibmcloud.com/vulnerabilities/76133 • CWE-434: Unrestricted Upload of File with Dangerous Type •