ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Simple Dropbox Upload Plugin <=1.8.8.0 - Unrestricted File Upload

Product
Simple Dropbox Upload
Description
Because of this vulnerability in multi.php, the attackers can execute arbitrary code by uploading a file with an executable extension and after that accessing it via a direct request to the file in wp-content/uploads/wpdb/.
Solution
Update the plugin.
Classification
Type Arbitrary File Upload
References
CVE Mitre
CVE
Name CVE-2013-5963
Versions
Affected In <= 1.8.8.0
Fixed In 1.8.8.1
Disclosure date
2013-09-30
Credits
Ashiyane Digital Security Team