Vulnerability Description
Unrestricted file upload vulnerability in doupload.php in the Nmedia Member Conversation plugin before 1.4 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/user_uploads.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nmedia | Member Conversation | <= 1.3 |
| WordPress | WordPress | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.org/files/113287/WordPress-Nmedia-WP-Member-Conversat (Exploit)
- http://secunia.com/advisories/49375 (Vendor Advisory)
- http://wordpress.org/extend/plugins/wordpress-member-private-conversation/change
- http://www.opensyscom.fr/Actualites/wordpress-plugins-nmedia-wordpress-member-co (Exploit)
- http://www.securityfocus.com/bid/53790 (Exploit)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/76076
FAQ
What is CVE-2012-3577?
CVE-2012-3577 is a vulnerability with a CVSS score of 7.5 (HIGH). Unrestricted file upload vulnerability in doupload.php in the Nmedia Member Conversation plugin before 1.4 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an e...
How severe is CVE-2012-3577?
CVE-2012-3577 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2012-3577?
Check the references section above for vendor advisories and patch information. Affected products include: Nmedia Member Conversation, WordPress WordPress.