Archive for the ‘File Inclusion’ Category

WordPress Work The Flow File Upload Plugin Arbitrary File Upload

April 29th, 2014

Application: WordPress
Affected Version: version 1.2.2 and other versions.
Vendor’s URL: Work The Flow File Upload Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, File Inclusion

WordPress Business Intelligence Lite Plugin Arbitrary File Upload

March 30th, 2014

Application: WordPress
Affected Version: version 1.0.6 and other versions.
Vendor’s URL: Business Intelligence Lite Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
Update to version 1.1.

Content Management, File Inclusion

WordPress The Cotton Theme Arbitrary File Upload

March 30th, 2014

Application: WordPress
Affected Version: version 1.1.4 and other versions.
Vendor’s URL: The Cotton Theme
Bug Type: File Upload
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, File Inclusion

WordPress Kiddo Theme “uploadify.php” Arbitrary File Upload

February 28th, 2014

Application: WordPress
Affected Version:
Vendor’s URL: Kiddo Theme
Bug Type: File Upload
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, File Inclusion

Joomla! PROJOOM Smart Flash Header Component Arbitrary File Upload

February 28th, 2014

Application: Joomla!
Affected Version: versions prior to 3.0.3.
Vendor’s URL: PROJOOM Smart Flash Header Component
Bug Type: File Upload
Risk Level: Critical

Solution:
Update to version 3.0.3.

Content Management, File Inclusion

WordPress OptimizePress Plugin Arbitrary File Upload

December 30th, 2013

Application: WordPress
Affected Version: versions prior to 1.6.
Vendor’s URL: OptimizePress Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
Update to version 1.6.

Content Management, File Inclusion

WordPress This Way Theme Arbitrary File Upload

November 29th, 2013

Application: WordPress
Affected Version: -
Vendor’s URL: This Way Theme
Bug Type: File Upload
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, File Inclusion

WordPress Complete Gallery Manager Plugin Arbitrary File Upload

September 30th, 2013

Application: WordPress
Affected Version: version 3.3.3 and other versions.
Vendor’s URL: Complete Gallery Manager Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, File Inclusion

WordPress Simple Dropbox Upload Plugin Arbitrary File Upload

September 30th, 2013

Application: WordPress
Affected Version: version 1.8.8 and other versions.
Vendor’s URL: Simple Dropbox Upload Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, File Inclusion

AspxCommerce Logo Module Arbitrary File Upload

September 30th, 2013

Application: AspxCommerce
Affected Version: version 2.0 and other versions.
Vendor’s URL: Logo Module
Bug Type: File Upload
Risk Level: Critical

Solution:
No official solution is currently available.

E-Commerce, File Inclusion

SocialEngine Timeline Plugin Arbitrary File Upload

August 26th, 2013

Application: SocialEngine
Affected Version: version 4.2.5p9 and other versions.
Vendor’s URL: Timeline Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
Update to version 4.6.0.

Content Management, File Inclusion

Joomla! Arbitrary File Upload

August 26th, 2013

Application: Joomla!
Affected Version: version 3.1.4 and versions prior to 2.5.14 and 3.1.5.
Vendor’s URL: Joomla!
Bug Type: File Upload
Risk Level: Critical

Solution:
Update to version 2.5.14 or 3.1.5.

Content Management, File Inclusion

WordPress Export To Text Plugin “download” Remote File Inclusion

June 28th, 2013

Application: WordPress
Affected Version: version 2.2 and prior versions.
Vendor’s URL: Export To Text Plugin
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Update to version 2.3.

Content Management, File Inclusion

YaBB “guestlanguage” Cookie Local File Inclusion

May 27th, 2013

Application: YaBB
Affected Version: version 2.5.2.
Vendor’s URL: YaBB
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Fixed in the SVN repository.

Discussion Boards, File Inclusion

WordPress Uploader Plugin Cross-Site Scripting and Arbitrary File Upload Vulnerabilities

March 28th, 2013

Application: WordPress
Affected Version: version 1.0.4 and other versions.
Vendor’s URL: Uploader Plugin
Bug Type: Cross-Site Scripting & File Upload
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, Cross Site Scripting, File Inclusion

WordPress WP ecommerce Shop Styling Plugin “dompdf” Remote File Inclusion Vulnerability

February 26th, 2013

Application: WordPress
Affected Version: version 1.7.2 and other versions.
Vendor’s URL: WP ecommerce Shop Styling Plugin
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Update to version 1.8.

Content Management, File Inclusion

WordPress Gallery Plugin “load” Remote File Inclusion Vulnerability

February 26th, 2013

Application: WordPress
Affected Version: version 1.4 and other versions.
Vendor’s URL: Gallery Plugin
Bug Type: File Inclusion
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, File Inclusion

WordPress ReFlex Gallery Plugin Arbitrary File Upload

January 25th, 2013

Application: WordPress
Affected Version: version 1.4 and other versions.
Vendor’s URL: ReFlex Gallery Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, File Inclusion

WordPress Zingiri Forum Plugin “url” Arbitrary File Disclosure

January 25th, 2013

Application: WordPress
Affected Version: version 1.4.2 and other versions.
Vendor’s URL: Zingiri Forum Plugin
Bug Type: File Disclosure
Risk Level: Critical

Solution:
Update to version 1.4.4.

Content Management, File Inclusion

WordPress Browser Rejector Plugin “wppath” Remote File Inclusion

January 25th, 2013

Application: WordPress
Affected Version: version 2.10 and prior versions.
Vendor’s URL: Browser Rejector Plugin
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Update to version 2.11.

Content Management, File Inclusion