1 results (0.003 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

The WordPress Flash Uploader plugin before 3.1.3 for WordPress allows remote attackers to execute arbitrary commands via vectors related to invalid characters in image_magic_path. El plugin WordPress Flash Uploader, en versiones anteriores a la 3.1.3 para WordPress, permite que atacantes remotos ejecuten comandos arbitrarios mediante vectores relacionados con caracteres no válidos en image_magic_path. • https://wordpress.org/plugins/wordpress-flash-uploader/changelog https://wordpress.org/support/topic/vulnerability-discovered-2 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •