Home > Content Management, File Inclusion > WordPress HTML5 AV Manager Plugin Arbitrary File Upload

WordPress HTML5 AV Manager Plugin Arbitrary File Upload

June 30th, 2012

Application: WordPress
Affected Version: version 0.2.7 and other versions.
Vendor’s URL: HTML5 AV Manager Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
Restrict access to the wp-content/plugins/html5avmanager/lib/uploadify/custom.php file (e.g. via .htaccess).

Content Management, File Inclusion

Comments are closed.