ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Symposium Plugin 14.11 - Shell Upload

Product
Symposium
Description
Symposium plugin is prone to a shell upload vulnerability. It allows an attacker to execute arbitrary PHP code by making a direct request to the uploaded .php file.
Solution
Update the plugin.
Classification
Type Remote File Inclusion
References
Exploit-DB
CVE
Name CVE-2014-10021
Versions
Affected In <= 14.11
Fixed In 14.12
Disclosure date
2015-01-13
Credits
metasploit