← volver
CVE-2012-10026

WordPress Plugin Asset-Manager <= 2.0 PHP File Upload

CVSS 10 CRITICALEPSS 1.1%CWE-434
The WordPress plugin Asset-Manager version 2.0 and below contains an unauthenticated arbitrary file upload vulnerability in upload.php. The endpoint fails to properly validate and restrict uploaded file types, allowing remote attackers to upload malicious PHP scripts to a predictable temporary directory. Once uploaded, the attacker can execute the file via a direct HTTP GET request, resulting in remote code execution under the web server’s context.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Productos afectados
jkriddle · asset-manager
PoCs públicas encontradas4
cve_referenceraw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/wp_asset_manager_upload_exec.rbno verificadocve_referencewww.exploit-db.com/exploits/18993no verificadocve_referencewww.exploit-db.com/exploits/23652no verificadocve_referenceweb.archive.org/web/20150106144832/http://www.opensyscom.fr:80/Actualites/wordpress-plugins-asset-manager-shell-upload-vulnerability.htmlno verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/wp_asset_manager_upload_exec.rbhttps://wordpress.org/plugins/asset-manager/https://www.exploit-db.com/exploits/18993https://www.exploit-db.com/exploits/23652https://www.vulncheck.com/advisories/wordpress-plugin-asset-manager-php-file-uploadhttp://web.archive.org/web/20150106144832/http://www.opensyscom.fr:80/Actualites/wordpress-plugins-asset-manager-shell-upload-vulnerability.html