Summary
The Clockstone Theme for WordPress is prone to an arbitrary file- upload vulnerability.
An attacker can exploit this issue to upload arbitrary PHP code and run it in the context of the Web server process. This may facilitate unauthorized access or privilege escalation other
attacks are also possible.
References
Severity
Classification
-
CVSS Base Score: 9.7
AV:N/AC:L/Au:N/C:C/I:C/A:P
Related Vulnerabilities
- Athena Web Registration remote command execution flaw
- AlienVault Open Source SIEM (OSSIM) 'timestamp' Parameter Directory Traversal Vulnerability
- ArticleSetup Multiple Cross-Site Scripting and SQL Injection Vulnerabilities
- AVTECH DVR Multiple Vulnerabilities
- Andy's PHP Knowledgebase 'step5.php' Remote PHP Code Execution Vulnerability