ThreatPress

WordPress Vulnerabilities Database

WordPress Shopping Cart Plugin 3.0.4 - Unrestricted File Upload

Product
Shopping Cart
Description
The Shopping Cart plugin is prone to an unrestricted file upload vulnerability. Because of an incorrect if statement inside "banneruploaderscript.php", any registered user can upload any file.
Solution
Upgrade the plugin.
Classification
Type Remote File Inclusion
References
Exploit-DB
CVE
Name CVE-2014-9308
Versions
Affected In <= 3.0.4
Fixed In 3.0.5
Disclosure date
2015-01-08
Credits
Kacper Szurek