ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Evarisk Plugin - Arbitrary File Upload Vulnerability

Product
Evarisk
Description
Evarisk plugin is prone to a arbitrary file upload vulnerability that occurs because the application fails to adequately clean up user-supplied input. It allows an attacker to upload arbitrary code and run it in the context of the web server process. Other attacks are also possible.
Solution
Update the plugin.
Classification
Type Arbitrary File Upload
References
Exploit-DB
CVE
Name CVE-N/A
Versions
Affected In <= 5.1.5.4
Fixed In 5.1.5.5
Disclosure date
2012-01-14
Credits
Sammy FORGIT