Title: Unrestricted File Upload vulnerability in Wordpress Plugin mobile-friendly-app-builder-by-easytouch v3.0 |
Author: Larry W. Cashdollar, @_larry0 |
Date: 2017-03-01 |
CVE-ID:[CVE-2017-1002000] |
CWE: CWE-434 Unrestricted Upload of File with Dangerous Type |
Download Site: https://wordpress.org/plugins-wp/mobile-friendly-app-builder-by-easytouch/ |
Vendor: https://profiles.wordpress.org/jenova12345 |
Vendor Notified: 2017-03-01 |
Vendor Contact: plugins@wordpress.org |
Advisory: http://www.vapidlabs.com/advisory.php?v=179 |
Description: “Convert your WordPress site into native mobile apps” |
Vulnerability: The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com/
The code in file ./mobile-friendly-app-builder-by-easytouch/server/images.php doesn't require authentication or check that the user is allowed to upload content.
It also doesn't sanitize the file upload against executable code.
See:
https://plugins.svn.wordpress.org/mobile-friendly-app-builder-by-easytouch/trunk/server/images.php |
Export: JSON TEXT XML |
Exploit Code:
|
Screen Shots: |
Notes: |
Larry W. Cashdollar
Larry Cashdollar
Larry W. Cashdollar vulnerability
Larry Cashdollar advisory