1 results (0.014 seconds)

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2016-15042 – Frontend File Manager < 4.0 & N-Media Post Front-end Form < 1.1 & - Arbitrary File Upload

https://notcve.org/view.php?id=CVE-2016-15042

The Frontend File Manager (versions < 4.0), N-Media Post Front-end Form (versions < 1.1) plugins for WordPress are vulnerable to arbitrary file uploads due to missing file type validation via the `nm_filemanager_upload_file` and `nm_postfront_upload_file` AJAX actions. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible. Los complementos Frontend File Manager (versiones &lt; 4.0) y N-Media Post Front-end Form (versiones &lt; 1.1) para WordPress son vulnerables a la carga de archivos arbitrarios debido a la falta de validación del tipo de archivo a través de las acciones AJAX `nm_filemanager_upload_file` y `nm_postfront_upload_file`. Esto hace posible que atacantes no autenticados carguen archivos arbitrarios en el servidor de los sitios afectados, lo que puede hacer posible la ejecución remota de código. • https://wordpress.org/plugins/nmedia-user-file-uploader/#developers https://wpscan.com/vulnerability/052f7d9a-aaff-4fb1-92b7-aeb83cc705a7 https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-n-media-post-front-end-form-arbitrary-file-upload-1-0 https://www.pluginvulnerabilities.com/2016/09/19/arbitrary-file-upload-vulnerability-in-front-end-file-upload-and-manager-plugin https://www.pluginvulnerabilities.com/2016/09/19/arbitrary-file-upload-vulnerability-in-n-media-post-front-end-form https://www.wordf • CWE-434: Unrestricted Upload of File with Dangerous Type •