CVE-2017-6104 – Wordpress Plugin Mobile App Native 3.0 <= 3.0 - Arbitrary File Upload

https://notcve.org/view.php?id=CVE-2017-6104

Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0. Vulnerabilidad de subida remota de archivos en el plugin Mobile App Native 3.0 de Wordpress. Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0 in /zen-mobile-app-native/server/images.php file. WordPress plugins Zen App Mobile Native versions 3.0 and below, webapp-builder version 2.0, wp2android-turn-wp-site-into-android-app version 1.1.4, mobile-app-builder-by-wappress version 1.05, and mobile-friendly-app-builder-by-easytouch version 3.0 suffer from a remote shell upload vulnerability. • https://www.exploit-db.com/exploits/41540 http://www.securityfocus.com/bid/96547 http://www.vapidlabs.com/advisory.php?v=178 https://wpvulndb.com/vulnerabilities/8743 • CWE-287: Improper Authentication CWE-434: Unrestricted Upload of File with Dangerous Type CWE-732: Incorrect Permission Assignment for Critical Resource •