SECURITYVULNS:DOC:32068
History: May 11, 2015

Remote File Upload Vulnerability in WordPress Ultimate Product Catalogue Plugin

Published 2015-05-11 00:00:00 by vulners.com (score: 10)

Product Description:


The Ultimate Product Catalogue plugin is designed to help WordPress site administrators display products quickly and easily in an attractive and customizable layout, making the catalogue easy to browse, sort and update with categories, sub-categories and tags.

Vulnerability Summary:


Severity: Critical

Class: Unauthenticated Arbitrary File Upload

Remote: Yes

Vulnerable: WordPress Ultimate Product Catalogue Plugin 3.1.1 (and previous versions)

Credit: Luca Ercoli
http://blog.seeweb.it/wordpress-ultimate-product-catalogue-vulnerability

The vulnerability is caused by the use of user-supplied input without proper validation: the plugin's upload handler can be reached without authentication and does not restrict what is uploaded.

By sending a specially-crafted HTTP POST request, a remote unauthenticated attacker can upload an arbitrary file (for example PHP source) to a web-reachable location and execute it in the context of the web-server process.
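The advisory does not publish the plugin's code, so the following is an added illustration of the vulnerability class it describes (an AJAX upload handler reachable by anonymous visitors that writes an attacker-named file into the uploads directory), placed beside a hardened handler that uses WordPress's own capability, nonce and file-type checks. It is not the Ultimate Product Catalogue plugin's code, and the action names (`upc_example_upload`, `upc_example_upload_safe`), the nonce name and the `file`/`nonce` request parameters are assumptions chosen for the example.

```php
<?php
// Added example of the "unauthenticated arbitrary file upload" class.
// NOT the Ultimate Product Catalogue plugin's own code; hook names, parameter
// names and the nonce action are assumptions made for this illustration.

// --- Vulnerable pattern ---------------------------------------------------
// Registered on wp_ajax_nopriv_*, so WordPress runs it for visitors who are
// not logged in. No capability check, no nonce, no extension or MIME check,
// and the attacker-controlled file name is written straight into the
// web-reachable uploads directory. POSTing shell.php and then requesting
// /wp-content/uploads/shell.php runs it as the web-server user.
function upc_example_vulnerable_upload() {
    $uploads = wp_upload_dir();
    $target  = $uploads['basedir'] . '/' . $_FILES['file']['name'];
    move_uploaded_file( $_FILES['file']['tmp_name'], $target );
    wp_send_json( array( 'url' => $uploads['baseurl'] . '/' . $_FILES['file']['name'] ) );
}
add_action( 'wp_ajax_nopriv_upc_example_upload', 'upc_example_vulnerable_upload' );
add_action( 'wp_ajax_upc_example_upload',        'upc_example_vulnerable_upload' );

// --- Hardened pattern -----------------------------------------------------
function upc_example_safe_upload() {
    // 1. Authorization: only logged-in users holding upload_files may proceed.
    //    Deliberately NOT registered on wp_ajax_nopriv_, so anonymous requests
    //    never reach this function at all.
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 2. CSRF protection: the request must carry a nonce issued for this
    //    action. A nonce is not authentication, which is why step 1 comes first.
    check_ajax_referer( 'upc_example_upload', 'nonce' );

    if ( empty( $_FILES['file'] ) || ! is_uploaded_file( $_FILES['file']['tmp_name'] ) ) {
        wp_send_json_error( 'no file', 400 );
    }

    // 3. Allow only the types this feature needs. wp_handle_upload() runs
    //    wp_check_filetype_and_ext() (extension AND content must agree with an
    //    allowed type) and wp_unique_filename()/sanitize_file_name() on the
    //    name, so a "image.php" or a PHP file renamed to .png is rejected.
    $allowed = array(
        'jpg|jpeg' => 'image/jpeg',
        'png'      => 'image/png',
        'gif'      => 'image/gif',
    );
    require_once ABSPATH . 'wp-admin/includes/file.php';
    $result = wp_handle_upload(
        $_FILES['file'],
        array(
            'test_form' => false,   // we are not submitting the core media form
            'mimes'     => $allowed,
        )
    );
    if ( isset( $result['error'] ) ) {
        wp_send_json_error( $result['error'], 400 );
    }
    wp_send_json_success( array( 'url' => $result['url'] ) );
}
add_action( 'wp_ajax_upc_example_upload_safe', 'upc_example_safe_upload' );
```

Two practitioner notes on the hardened version: the capability check is what closes the "unauthenticated" part of the advisory, and the MIME allow-list is what closes the "arbitrary file" part; neither alone is sufficient. As defence in depth, the uploads directory should also be configured so the web server never executes scripts from it (for example a `php_flag engine off` or equivalent deny rule), so that a future upload bug cannot be turned into code execution.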

Vulnerability Description:


Full disclosure and a proof-of-concept (PoC) exploit at:

http://blog.seeweb.it/wordpress-ultimate-product-catalogue-vulnerability

Vendor Response:


According to the vendor, a version that fixes this vulnerability has been released and is available for download. Administrators running version 3.1.1 or earlier should update to the current release; the advisory does not name the fixed version number.