| Title: Unrestricted File Upload vulnerability in Wordpress Plugin wp2android-turn-wp-site-into-android-app v1.1.4 |
| Author: Larry W. Cashdollar, @_larry0 |
| Date: 2017-03-01 |
| CVE-ID:[CVE-2017-1002003] |
| CWE: CWE-434 Unrestricted Upload of File with Dangerous Type |
| Download Site: https://wordpress.org/plugins-wp/wp2android-turn-wp-site-into-android-app/ |
| Vendor: https://profiles.wordpress.org/wp2android |
| Vendor Notified: 2017-03-01 |
| Vendor Contact: plugins@wordpress.org |
| Advisory: http://www.vapidlabs.com/advisory.php?v=182 |
| Description: “Mobile App Plugin iPhone & Android Make your WordPress website to a Mobile app & mobile website” |
| Vulnerability: The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com/
The code in file ./wp2android-turn-wp-site-into-android-app/server/images.php doesn't require authentication or check that the user is allowed to upload content.
It also doesn't sanitize the file upload against executable code.
See :
https://plugins.svn.wordpress.org/wp2android-turn-wp-site-into-android-app/trunk/server/images.php |
| Export: JSON TEXT XML |
Exploit Code:
|
| Screen Shots: |
| Notes: |
Larry W. Cashdollar
Larry Cashdollar
Larry W. Cashdollar vulnerability
Larry Cashdollar advisory