ThreatPress

WordPress Vulnerabilities Database

Back

WordPress N-Media Website Contact Form with File Upload Plugin 1.3.4 - Shell Upload

Product
N-Media Website Contact Form with File Upload
Description
N-Media Website Contact Form with File Upload plugin is prone to a shell upload vulnerability via "upload_file()" ajax function.
Solution
Upgrade the plugin.
Classification
Type Local File Inclusion
References
Exploit-DB
CVE
Name CVE-N/A
Versions
Affected In <= 1.3.4
Fixed In 1.3.5
Disclosure date
2015-04-13
Credits
Claudio Viviani