WordPress Magn WP Drag and Drop Upload Plugin Arbitrary Shell Upload Vulnerability
BID:52130
Info
| Bugtraq ID: | 52130 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 23 2012 12:00AM |
| Updated: | Feb 23 2012 12:00AM |
| Credit: | JingoBD |
| Vulnerable: | jmagnone Magn WP Drag and Drop Upload 0.9 |
| Not Vulnerable: | |
Discussion
The Magn WP Drag and Drop Upload plugin is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input.
An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the vulnerable application.
Magn WP Drag and Drop Upload 0.9 is vulnerable; other versions may also be affected.
Exploit / POC
Attackers can exploit this issue through a browser.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- Magn WP Drag and Drop Upload download page (jmagnone)
- WordPress Homepage (WordPress)