Published: 14/09/2017 Updated: 27/09/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 758

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Subscribe to Mobile-friendly-app-builder-by-easytouch

Vulnerability in wordpress plugin mobile-friendly-app-builder-by-easytouch v3.0, The code in file ./mobile-friendly-app-builder-by-easytouch/server/images.php doesn't require authentication or check that the user is allowed to upload content.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mobile-friendly-app-builder-by-easytouch project mobile-friendly-app-builder-by-easytouch 3.0

WordPress plugins Zen App Mobile Native versions 30 and below, webapp-builder version 20, wp2android-turn-wp-site-into-android-app version 114, mobile-app-builder-by-wappress version 105, and mobile-friendly-app-builder-by-easytouch version 30 suffer from a remote shell upload vulnerability ...

import requests import random import string print "---------------------------------------------------------------------" print "Multiple Wordpress Plugin - Remote File Upload Exploit\nDiscovery: Larry W Cashdollar\nExploit Author: Munir Njiru\nCWE: 434\n\n1 Zen App Mobile Native <=30 (CVE-2017-6104)\n2 Wordpress Plugin webapp-builder v20 ...

CVE Automation Working Group Git Pilot The CVE Automation Working Group is piloting use of git to share information about public vulnerabilities The goal is to learn not only what features are necessary to support the "plumbing" of sending and receiving the data, but also which attributes and metadata are needed in the CVE format to support automation See How to Con

cvelist fork for integration testing

Pilot program for CVE submission through GitHub

Pilot program for CVE submission through GitHub. CVE Record Submission via Pilot PRs ending 6/30/2023

Warning: CVE Record Submission via Pilot PRs ending 6/30/2023 CVE Automation Working Group Git Pilot The CVE Automation Working Group is piloting use of git to share information about public vulnerabilities The goal is to learn not only what features are necessary to support the "plumbing" of sending and receiving the data, but also which attributes and metadata are

cvelist fork for develeoper testing

Pilot program for CVE submission through GitHub

CWE-434 https://wordpress.org/plugins-wp/mobile-friendly-app-builder-by-easytouch/http://www.vapidlabs.com/advisory.php?v=179 https://www.exploit-db.com/exploits/41540/http://www.securityfocus.com/bid/96905 http://www.securityfocus.com/bid/96899 https://nvd.nist.gov https://packetstormsecurity.com/files/141676/WordPress-Multiple-Plugin-File-Upload.html https://www.exploit-db.com/exploits/41540/https://github.com/CVEProject/cvelist-int

Get Started

CVE-2017-1002000

Vulnerability Summary

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect