CVE-2017-1002001 – Mobile App Builder by WapPress <= 1.05 - Arbitrary File Upload

https://notcve.org/view.php?id=CVE-2017-1002001

Vulnerability in wordpress plugin mobile-app-builder-by-wappress v1.05, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com. Existe una vulnerabilidad en el plugin mobile-app-builder-by-wappress v1.05 de WordPress. Este plugin incluye software CMS vulnerable sin licencia de http://www.invedion.com. Vulnerability in wordpress plugin mobile-app-builder-by-wappress v1.05, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com. There are no file upload authentication or capability checks which make it possible for attackers to upload arbitrary files on the affected sites server which may make remote code execution possible. • https://www.exploit-db.com/exploits/41540 http://www.vapidlabs.com/advisory.php?v=180 https://wordpress.org/plugins-wp/mobile-app-builder-by-wappress • CWE-434: Unrestricted Upload of File with Dangerous Type •