WordPress Holding Pattern 0.6 Shell Upload

2015.02.10
Credit: Alexander
Risk: High
Local: No
Remote: Yes
CWE: CWE-264


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Product: holding_pattern Vendor: Liftux Vulnerable Version(s): 0.6 and prior Tested Version: 0.6 Advisory Publication: January 18, 2015 Vendor Notification: January 14, 2015 Public Disclosure: January 18, 2015 Vulnerability Type: Exec Code Authentication: Not required to exploit CVE Reference: CVE-2015-1172 Risk Level: Medium CVSSv2 Base Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N) Solution Status: Solution Unavailable, Product EOL Discovered and Provided: Alexander Borg ( http://www.servernet.se ) ----------------------------------------------------------------------------------------------- Advisory Details: The holding_pattern Wordpress-theme is prone to a vulnerability that allows attackers to upload arbitrary files. The application uses limited validation which means unauthorized upload is allowed. An attacker can exploit this vulnerability to upload arbitrary PHP code and run it in the context of the Web server process. This may facilitate unauthorized access or privilege escalation. ----------------------------------------------------------------------------------------------- Solution: Disclosure timeline: 2015-01-14 Vendor Alerted via email. 2015-01-14 Fix Requested via email. 2015-01-14 Vendor made clear no patch will be available. 2015-01-18 Public disclosure. Currently we are not aware of any official solution for this vulnerability. Product is EOL and no security fixes will be made available. Temporary solution may be to remove the file admin/upload-file.php ----------------------------------------------------------------------------------------------- Disclaimer: The information provided in this Advisory is provided "as is" and without any warranty of any kind. Details of this Advisory may be updated in order to provide as accurate information as possible.


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top