Published: 17/06/2012 Updated: 29/08/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Unrestricted file upload vulnerability in doupload.php in the Nmedia Member Conversation plugin prior to 1.4 for WordPress allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/user_uploads.

Vulnerable Product	Search on Vulmon	Subscribe to Product
nmedia member_conversation
nmedia member_conversation 1.2
nmedia member_conversation 1.0

source: wwwsecurityfocuscom/bid/53790/info The Nmedia WordPress Member Conversation plug-in for WordPress is prone to a vulnerability that lets attackers upload arbitrary files The issue occurs because the application fails to adequately sanitize user-supplied input An attacker can exploit this vulnerability to upload arbitrary PHP cod ...

CWE-264 http://www.securityfocus.com/bid/53790 http://www.opensyscom.fr/Actualites/wordpress-plugins-nmedia-wordpress-member-conversation-shell-upload-vulnerability.html http://secunia.com/advisories/49375 http://wordpress.org/extend/plugins/wordpress-member-private-conversation/changelog/http://packetstormsecurity.org/files/113287/WordPress-Nmedia-WP-Member-Conversation-1.35.0-Shell-Upload.html https://exchange.xforce.ibmcloud.com/vulnerabilities/76076 https://nvd.nist.gov https://www.exploit-db.com/exploits/37353/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2012-3577

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect