Summary
This host is running the WordPress Nmedia Member Conversation Plugin and is prone to an arbitrary file upload vulnerability.
Impact
Successful exploitation will allow an unauthenticated attacker to upload arbitrary PHP code and run it in the context of the web server process.
Impact Level: System/Application
Solution
Upgrade to WordPress Nmedia Member Conversation Plugin version 1.4 or later. For updates refer to http://wordpress.org/extend/plugins/wordpress-member-private-conversation/
Insight
The flaw is due to the /wp-content/plugins/wordpress-member-private-conversation/doupload.php script accepting uploads of files with arbitrary extensions and storing them in a folder inside the webroot, without restricting the file type or the caller. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script and then requesting it over HTTP.
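The following PHP is an added illustration and is not the plugin's doupload.php or any other code from the project: the first function shows the generic pattern the advisory describes (client-chosen file name and extension, written under the webroot, no authentication), the second a hardened handler built on WordPress' own upload APIs. Function names, the nonce action nm_conv_upload, the POST field names and the allowed-type list are all assumptions made for the example.

```php
<?php
// Added example, not the plugin's code. Names (nm_conv_upload_vulnerable,
// nm_conv_upload_hardened, the 'nm_conv_upload' nonce, the 'file' and
// 'nonce' POST fields) are invented for illustration.

// Vulnerable pattern: a stand-alone script reachable by anyone. The file
// keeps its client-supplied name and extension and lands in a directory
// under the webroot, so uploading "shell.php" and then requesting
// /wp-content/plugins/<plugin>/uploads/shell.php executes it as the
// web server user.
function nm_conv_upload_vulnerable() {
    $dest_dir = __DIR__ . '/uploads/';                 // inside wp-content/plugins/...
    $name     = basename( $_FILES['file']['name'] );   // "shell.php" passes unchanged
    if ( move_uploaded_file( $_FILES['file']['tmp_name'], $dest_dir . $name ) ) {
        echo 'uploads/' . $name;                       // tells the attacker where it went
    }
}

// Hardened handler, registered as an authenticated admin-ajax action:
// capability check, nonce, an extension/MIME allow-list enforced by
// WordPress, a server-chosen file name, and storage through
// wp_handle_upload() into the uploads directory (which should be
// configured so the web server never executes PHP from it).
function nm_conv_upload_hardened() {
    if ( ! is_user_logged_in() || ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    check_ajax_referer( 'nm_conv_upload', 'nonce' );   // dies on a missing or bad nonce

    if ( empty( $_FILES['file'] ) || $_FILES['file']['error'] !== UPLOAD_ERR_OK ) {
        wp_send_json_error( 'no file', 400 );
    }

    // Only these types are ever accepted; .php, .phtml, .phar etc. are not
    // in the list, so they fail the check below regardless of MIME header.
    $allowed = array(
        'jpg|jpeg' => 'image/jpeg',
        'png'      => 'image/png',
        'pdf'      => 'application/pdf',
    );

    // Checks the extension against the allow-list and verifies the content
    // where WordPress can (images via getimagesize, other types via finfo),
    // so "shell.php.jpg" with PHP inside is rejected as well.
    $check = wp_check_filetype_and_ext(
        $_FILES['file']['tmp_name'],
        $_FILES['file']['name'],
        $allowed
    );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        wp_send_json_error( 'file type not allowed', 415 );
    }

    // Never trust the client-supplied name: generate our own, keeping only
    // the extension WordPress validated.
    $_FILES['file']['name'] = wp_generate_password( 20, false ) . '.' . $check['ext'];

    $result = wp_handle_upload(
        $_FILES['file'],
        array( 'test_form' => false, 'mimes' => $allowed )
    );
    if ( isset( $result['error'] ) ) {
        wp_send_json_error( $result['error'], 500 );
    }
    wp_send_json_success( array( 'url' => esc_url_raw( $result['url'] ) ) );
}
add_action( 'wp_ajax_nm_conv_upload', 'nm_conv_upload_hardened' );
// Deliberately no wp_ajax_nopriv_ registration: anonymous visitors get nothing.
```

The two changes that matter most against the flaw described on this page are the allow-list (so a .php extension can never be written) and the server-generated file name; the capability and nonce checks close the unauthenticated path, and keeping uploads in a directory that the web server will not execute PHP from limits the damage if a filter is ever bypassed.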
Affected
WordPress Nmedia Member Conversation Plugin version 1.35.0
References
- http://osvdb.org/82792
- http://packetstormsecurity.org/files/113287/WordPress-Nmedia-WP-Member-Conversation-1.35.0-Shell-Upload.html
- http://secunia.com/advisories/49375
- http://wordpress.org/extend/plugins/wordpress-member-private-conversation/changelog/
- http://www.opensyscom.fr/Actualites/wordpress-plugins-nmedia-wordpress-member-conversation-shell-upload-vulnerability.html
- http://xforce.iss.net/xforce/xfdb/76076
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2012-3577
CVSS Base Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P