This site is deprecated. Please
CLICK HERE for latest updates
Short Name |
HTTP:MISC:WP-IMG-UPLOAD
|
Severity |
Minor
|
Recommended |
No
|
Recommended Action |
Drop
|
Category |
HTTP
|
Keywords |
WordPress Plugin Arbitrary Image Upload
|
Release Date |
2014/09/18
|
Update Number |
2420
|
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
|
HTTP: WordPress Plugin Arbitrary Image Upload
This signature detects an attempt to exploit a known vulnerability in WordPress Plugin base. Successful exploitation could allow an attacker to execute arbitrary files and launch further RFI based attacks into the context of the web application.
Extended Description
Per: http://cwe.mitre.org/data/definitions/434.html
'CWE-434: Unrestricted Upload of File with Dangerous Type'
Affected Products
- Envato complete_gallery_manager_plugin 1.0.0
- Envato complete_gallery_manager_plugin 1.0.1
- Envato complete_gallery_manager_plugin 1.0.2
- Envato complete_gallery_manager_plugin 2.0.0
- Envato complete_gallery_manager_plugin 2.0.1
- Envato complete_gallery_manager_plugin 2.0.2
- Envato complete_gallery_manager_plugin 2.0.3
- Envato complete_gallery_manager_plugin 3.0.0
- Envato complete_gallery_manager_plugin 3.0.1
- Envato complete_gallery_manager_plugin 3.1.0
- Envato complete_gallery_manager_plugin 3.1.1
- Envato complete_gallery_manager_plugin 3.2.0
- Envato complete_gallery_manager_plugin 3.2.1
- Envato complete_gallery_manager_plugin 3.2.2
- Envato complete_gallery_manager_plugin 3.2.3
- Envato complete_gallery_manager_plugin 3.2.4
- Envato complete_gallery_manager_plugin 3.2.5
- Envato complete_gallery_manager_plugin 3.2.6
- Envato complete_gallery_manager_plugin 3.2.7
- Envato complete_gallery_manager_plugin 3.2.8
- Envato complete_gallery_manager_plugin 3.3.0
- Envato complete_gallery_manager_plugin 3.3.1
- Envato complete_gallery_manager_plugin 3.3.2
- Envato complete_gallery_manager_plugin 3.3.3
References