ThreatPress

WordPress Vulnerabilities Database

WordPress WP EasyCart Plugin - Unrestricted File Upload

Product
WP EasyCart
Description
The WP EasyCart plugin is prone to an unrestricted file upload vulnerability because /inc/amfphp/administration/banneruploaderscript.php does not properly sanitize user-uploaded files. An attacker can execute an uploaded script with the privileges of the web server by making a direct request to the uploaded file.
Solution
Update the plugin.
Classification
Type: Remote File Inclusion
References
Exploit-DB
CVE
Name: CVE-2014-9308
Versions
Affected In: <= 3.0.8
Fixed In: 3.0.9
Disclosure date
2015-02-10
Credits
metasploit