Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-9521


Vulnerability Score 7.5 7.5
CVE Id CVE-2014-9521
Last Modified 06 Jan 2015 11:55:21
Published 05 Jan 2015 03:59:17
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



Unrestricted file upload vulnerability in uploadScript.php in InfiniteWP Admin Panel before 2.4.4, when the allWPFiles query parameter is set, allows remote attackers to execute arbitrary code by uploading a file with a double extension, then accessing it via a direct request to the file in the uploads directory, as demonstrated by the .php.swp filename.

Vulnerable Systems


  • Infinitewp Admin Panel 2.4.3



FULLDISC - 20141210 Multiple vulnerabilities in InfiniteWP Admin Panel

Last Updated: 27 May 2016 11:07:26