|
|
|
|
| |
Credit:
The information has been provided by Egidio Romano aka EgiX
|
| |
Vulnerable Systems:
* WordPress KishPress Guest Posting 1.0 and prior
Kish Guest Posting plugin for WordPress could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions by the uploadify.php script. By sending a direct request using the folder parameter, a remote attacker could exploit this vulnerability to upload a malicious PHP script, which could allow the attacker to execute arbitrary PHP code on the vulnerable system.
An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the vulnerable application.
CVE-2012-1125 : Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin before 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the directory specified by the folder parameter.
Patch Availability:
http://plugins.svn.wordpress.org/kish-guest-posting/trunk/readme.txt
CVE Information:
CVE-2012-1125
Disclosure Timeline:
[19/12/2011] - Vulnerability discovered
[19/12/2011] - Vendor notified through http://kish.in/contact-me/
[07/01/2012] - No response from vendor, notified again via email
[16/01/2012] - After four weeks still no response
[23/01/2012] - Public disclosure
|
|
|
|
|
