1 results (0.006 seconds)
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-5014 – Flash Uploader <= 3.1.2 - Arbitrary Command Execution
https://notcve.org/view.php?id=CVE-2014-5014
The WordPress Flash Uploader plugin before 3.1.3 for WordPress allows remote attackers to execute arbitrary commands via vectors related to invalid characters in image_magic_path. El plugin WordPress Flash Uploader, en versiones anteriores a la 3.1.3 para WordPress, permite que atacantes remotos ejecuten comandos arbitrarios mediante vectores relacionados con caracteres no válidos en image_magic_path. • https://wordpress.org/plugins/wordpress-flash-uploader/changelog https://wordpress.org/support/topic/vulnerability-discovered-2 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •