Arbitrary Code Execution via Unrestricted File Upload in Kish Guest Posting Plugin 1.2 for WordPress

Arbitrary Code Execution via Unrestricted File Upload in Kish Guest Posting Plugin 1.2 for WordPress

CVE-2012-5318 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with a double extension, then accessing it via a direct request to the file in the directory specified by the folder parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1125.

Learn more about our Wordpress Pen Testing.