Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2012-3577
Last Modified 20 Jun 2012 12:00:00
Published 16 Jun 2012 11:41:42
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-3577

Summary

Unrestricted file upload vulnerability in doupload.php in the Nmedia Member Conversation plugin before 1.4 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/user_uploads.

Vulnerable Systems

Application

  • Nmedia Member Conversation 1.0

  • Nmedia Member Conversation 1.2

  • Nmedia Member Conversation 1.3


References

XF - wp-nmedia-doupload-file-upload(76076)

BID - 53790

MISC - http://www.opensyscom.fr/Actualites/wordpress-plugins-nmedia-wordpress-member-conversation-shell-upload-vulnerability.html

MISC - http://wordpress.org/extend/plugins/wordpress-member-private-conversation/changelog/

SECUNIA - 49375

MISC - http://packetstormsecurity.org/files/113287/WordPress-Nmedia-WP-Member-Conversation-1.35.0-Shell-Upload.html


Last Updated: 27 May 2016 10:56:32