WordPress Plugin Rich Widget - Arbitrary File Upload

EDB-ID:

37653

CVE:

N/A


Author:

Crim3R

Type:

webapps


Platform:

PHP

Date:

2012-08-22


source: https://www.securityfocus.com/bid/55174/info

The Rich WidgetPlugin for WordPress is prone to an arbitrary file-upload vulnerability.

An attacker can exploit this issue to upload arbitrary PHP code and run it in the context of the Web server process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. 

http://www.example.com/wp-content/plugins/rich-widget/fckeditor/editor/filemanager/connectors/test.html