CVE-2017-1002003
Wp2android <= 1.1.4 - Arbitrary File Upload
Public Exploits: 2
Exploited in Wild: -
Descriptions
Vulnerability in the WordPress plugin wp2android-turn-wp-site-into-android-app v1.1.4. The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com.
The Wp2android plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ~/server/images.php file in versions up to, and including, 1.1.4. That, combined with the ability to directly access the file, makes it possible for unauthenticated attackers to upload arbitrary files to the affected site's server, which may make remote code execution possible.
WordPress plugins Zen App Mobile Native versions 3.0 and below, webapp-builder version 2.0, wp2android-turn-wp-site-into-android-app version 1.1.4, mobile-app-builder-by-wappress version 1.05, and mobile-friendly-app-builder-by-easytouch version 3.0 suffer from a remote shell upload vulnerability.
Timeline
- 2017-03-07 CVE Published
- 2017-09-14 CVE Reserved
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- 2024-08-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-434: Unrestricted Upload of File with Dangerous Type
References (4)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/96908 | Third Party Advisory | |
https://wordpress.org/plugins-wp/wp2android-turn-wp-site-into-android-app | Not Applicable | |

URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/41540 | 2024-08-05 | |
http://www.vapidlabs.com/advisory.php?v=182 | 2024-08-05 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Wp2android-turn-wp-site-into-android-app Project | Wp2android-turn-wp-site-into-android-app | 1.1.4 | wordpress | Affected |