CVE-2017-1002000 – How to Create an App for Android iPhone Easytouch <= 3.0 - Missing Authorization

https://notcve.org/view.php?id=CVE-2017-1002000

Vulnerability in wordpress plugin mobile-friendly-app-builder-by-easytouch v3.0, The code in file ./mobile-friendly-app-builder-by-easytouch/server/images.php doesn't require authentication or check that the user is allowed to upload content. Existe una vulnerabilidad en el plugin mobile-friendly-app-builder-by-easytouch v3.0 en WordPress. El código en el archivo ./mobile-friendly-app-builder-by-easytouch/server/images.php no requiere autenticación o no verifica que el usuario tenga permisos para subir contenido. • https://www.exploit-db.com/exploits/41540 http://www.securityfocus.com/bid/96899 http://www.securityfocus.com/bid/96905 http://www.vapidlabs.com/advisory.php?v=179 https://wordpress.org/plugins-wp/mobile-friendly-app-builder-by-easytouch • CWE-434: Unrestricted Upload of File with Dangerous Type CWE-862: Missing Authorization •