CVE-2015-2194 – Fusion <= 3.1 - Arbitrary File Upload

https://notcve.org/view.php?id=CVE-2015-2194

13 Feb 2015 — Unrestricted file upload vulnerability in the fusion_options function in functions.php in the Fusion theme 3.1 for Wordpress allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension in a fusion_save action, then accessing it via unspecified vectors. Vulnerabilidad de la subida de ficheros sin restricciones en la función fusion_options en functions.php en el tema Fusion 3.1 para Wordpress permite a usuarios remotos autenticados ejecutar código arbitrario me... • http://packetstormsecurity.com/files/130397/WordPress-Fusion-3.1-Arbitrary-File-Upload.html • CWE-434: Unrestricted Upload of File with Dangerous Type •