ThreatPress

WordPress Vulnerabilities Database

WordPress Neosense Theme <= 1.7 - Unrestricted File Upload

Product: Neosense
Description: A copy of the "qquploader" AJAX file uploader was found in this theme's directory. An attacker can use this uploader to upload any file to the site.
Solution: Update the theme.
Classification:
  Type: Local File Inclusion
  OWASP Top 10: A1: Injection
References: SecLists
CVE:
  Name: CVE-434
Versions:
  Affected In: <= 1.7
  Fixed In: 1.8
Disclosure date: 2016-09-20
Submitter: ThreatPress