Summary
This host is running WordPress wpStoreCart Plugin and is prone to file upload vulnerability.
Impact
Successful exploitation will allow attacker to upload arbitrary PHP code and run it in the context of the Web server process.
Impact Level: System/Application
Solution
Upgrade to WordPress wpStoreCart Plugin version 2.5.30 or later, For updates refer to http://wordpress.org/extend/plugins/wpstorecart/
Insight
The wp-content/plugins/wpstorecart/php/upload.php script allowing to upload files with arbitrary extensions to a folder inside the webroot. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script.
Affected
WordPress wpStoreCart Plugin versions 2.5.27 to 2.5.29
References
Severity
Classification
-
CVE CVE-2012-3576 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities