Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3574

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2012-3574
Last Modified 08 Aug 2012 12:00:00
Published 15 Jun 2012 08:55:07
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-3574

Summary

Unrestricted file upload vulnerability in includes/doajaxfileupload.php in the MM Forms Community plugin 2.2.5 and 2.2.6 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/temp.

Vulnerable Systems

Application

  • Tbelmans Mm Forms Community 2.2.5

  • Tbelmans Mm Forms Community 2.2.6

  • Wordpress 2.2.5

  • Wordpress 2.2.6


References

XF - wp-mmforms-doajaxfileupload-file-upload(76133)

BID - 53852

MISC - http://www.opensyscom.fr/Actualites/wordpress-plugins-mm-forms-community-shell-upload-vulnerability.html

EXPLOIT-DB - 18997

SECUNIA - 49411


Last Updated: 27 May 2016 10:56:31