Vulnerability Description
Uploadify WordPress plugin versions up to and including 1.0 contain an arbitrary file upload vulnerability in process_upload.php due to missing file type validation. An unauthenticated remote attacker can upload arbitrary files to the affected WordPress site, which may allow remote code execution by uploading executable content to a web-accessible location.
Related Weaknesses (CWE)
References
- https://packetstorm.news/files/id/98652
- https://wpscan.com/vulnerability/6946364c-9764-468e-87d5-2dd57e531985/
- https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-uploadify-remote-f
- https://www.vulncheck.com/advisories/uploadify-unauthenticated-arbitrary-file-up
- https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/uploadi
- https://packetstorm.news/files/id/98652
FAQ
What is CVE-2011-10041?
CVE-2011-10041 is a documented vulnerability. Uploadify WordPress plugin versions up to and including 1.0 contain an arbitrary file upload vulnerability in process_upload.php due to missing file type validation. An unauthenticated remote attacker...
How severe is CVE-2011-10041?
CVSS scoring is not yet available for CVE-2011-10041. Check NVD for updates.
Is there a patch for CVE-2011-10041?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.