CVE-2012-3575 – RBX Gallery < 3.1 - Arbitrary File Upload

https://notcve.org/view.php?id=CVE-2012-3575

Unrestricted file upload vulnerability in uploader.php in the RBX Gallery plugin 2.1 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/rbxslider. Vulnerabilidad de subida de fichero sin restricción en uploader.php del complemento RBX Gallery 2.1 de WordPress. Permite a usuarios remotos ejecutar código arbitrario subiendo un archivo con una extensión de ejecutable y, después, accediendo a él a través de una petición directa al fichero en uploads/rbxslider. Unrestricted file upload vulnerability in uploader.php in the RBX Gallery plugin before 3.1 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/rbxslider. • https://www.exploit-db.com/exploits/19019 http://secunia.com/advisories/49463 http://www.exploit-db.com/exploits/19019 http://www.opensyscom.fr/Actualites/wordpress-plugins-rbx-gallery-multiple-arbitrary-file-upload-vulnerability.html https://exchange.xforce.ibmcloud.com/vulnerabilities/76170 • CWE-264: Permissions, Privileges, and Access Controls CWE-434: Unrestricted Upload of File with Dangerous Type •