Bugtraq ID:65866
CVE ID:CVE-2014-1905
WordPress是一种使用PHP语言开发的博客平台,用户可以在支持PHP和MySQL数据库的服务器上架设自己的网志。
WordPress VideoWhisper Live Streaming Integration所包含的"/wp-content/plugins/videowhisper-live-streaming-integration/ls/vw_snaps
hots.php"在上传文件到服务器时没有正确校验恶意文件扩展,可导致远程攻击者上传和执行任意PHP文件。
0
WordPress VideoWhisper Live Streaming Integration 4.27.3
厂商补丁:
WordPress VideoWhisper Live Streaming Integration 4.29.5已经修复该漏洞,建议用户下载更新:
http://wordpress.org/plugins/videowhisper-live-streaming-integration/
After successful exploitation the remote shell will be accessible via the following URL:
http://[host]/wp-content/plugins/videowhisper-live-streaming-integration
/ls/snapshots/1.php.jpg
Successful exploitation of this vulnerability requires that the webserver is not configured to handle the mime-type for media files with .jpg extension.