Summary
This host is installed with the WordPress
Infusionsoft Gravity Forms Add-on and is prone to a remote file upload vulnerability.
Impact
Successful exploitation will allow an
unauthenticated remote attacker to upload files to the affected site.
Impact Level: Application
Solution
Upgrade to version 1.5.11 or later.
For updates refer to https://wordpress.org/plugins/infusionsoft
Insight
The flaw exists because the plugin fails to
restrict access to certain files, so they can be reached without authentication.
Affected
WordPress Infusionsoft Gravity Forms Add-on
versions 1.5.3 through 1.5.10
Detection
Send crafted data via an HTTP GET request
and check whether a file can be uploaded.
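The active check above is the scanner's own method. As an added example (not the scanner's code), the version check below complements it: it reads the "Stable tag:" line that WordPress plugins carry in readme.txt and tests whether the version falls in the affected range 1.5.3 through 1.5.10 (fixed in 1.5.11). The readme text embedded in the block is constructed for illustration, not taken from the plugin.

```python
"""Version-range check for the affected Infusionsoft Gravity Forms Add-on releases.

Added example, not the scanner's own detection code. The affected range and the
fixed version come from the advisory; the readme text is constructed sample data.
"""
import re

# Affected: 1.5.3 <= version < 1.5.11 (advisory: 1.5.3 through 1.5.10, fixed in 1.5.11).
FIRST_AFFECTED = (1, 5, 3)
FIRST_FIXED = (1, 5, 11)

# Constructed sample of a plugin readme.txt (not a real file from the plugin).
SAMPLE_README = """=== Infusionsoft Gravity Forms Add-on ===
Contributors: example
Tags: forms
Requires at least: 3.0
Tested up to: 4.0
Stable tag: 1.5.10
"""


def parse_stable_tag(readme_text):
    """Return the value of the 'Stable tag:' line, or None if the line is absent."""
    m = re.search(r"^Stable tag:\s*(\S+)\s*$", readme_text, re.MULTILINE | re.IGNORECASE)
    return m.group(1) if m else None


def version_tuple(version):
    """Convert 'a.b.c' into a tuple of ints.

    A plain string comparison would sort '1.5.10' before '1.5.3'; numeric
    components avoid that. Non-numeric pieces (e.g. 'trunk') count as 0.
    """
    parts = []
    for piece in version.split("."):
        digits = re.match(r"\d+", piece)
        parts.append(int(digits.group(0)) if digits else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_affected(version):
    """True when FIRST_AFFECTED <= version < FIRST_FIXED."""
    return FIRST_AFFECTED <= version_tuple(version) < FIRST_FIXED


def check_readme(readme_text):
    """Return (version, affected); version is None when no Stable tag was found."""
    version = parse_stable_tag(readme_text)
    if version is None:
        return None, False
    return version, is_affected(version)


if __name__ == "__main__":
    print(check_readme(SAMPLE_README))
```

A readme-based check is only a heuristic: the file may be removed or unreachable, and the Stable tag can lag the code actually installed, which is why the active upload check described above remains the authoritative test.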
References
CVE: CVE-2014-6446
Severity
CVSS Base Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P