WordPress WP Symposium Arbitrary File Upload Vulnerabilities

Bugtraq ID:	51188
Class:	Design Error
CVE:	CVE-2011-5051
Remote:	Yes
Local:	No
Published:	Dec 28 2011 12:00AM
Updated:	Jan 11 2012 12:50AM
Credit:	Secunia Research
Vulnerable:	WP Symposium WP Symposium 11.11.26
Not Vulnerable:	WP Symposium WP-Symposium 11.12.24

WordPress WP Symposium Arbitrary File Upload Vulnerabilities

The WP Symposium is prone to multiple vulnerabilities that lets attackers upload arbitrary files.

An attacker can exploit this vulnerability to upload arbitrary PHP code and run it in the context of the Web server process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

WordPress WP Symposium Arbitrary File Upload Vulnerabilities

Attackers can exploit these issues through a browser.

WordPress WP Symposium Arbitrary File Upload Vulnerabilities

Solution:
The vendor released an update. Please see the references for details.

WordPress WP Symposium Arbitrary File Upload Vulnerabilities

References:

• Secunia Research: WordPress WP Symposium Plugin Two Arbitrary File Upload Vulner (Secunia)
  
• Wordpress Homepage (Wordpress)