Title: Arbitrary file upload vulnerability in WordPress Plugin tajer v1.05 |
Author: Larry W. Cashdollar, @_larry0 |
Date: 2018-10-15 |
CVE-ID: CVE-2018-9206 |
CWE: |
Download Site: https://wordpress.org/plugins/tajer |
Vendor: https://mostasharoon.org/ |
Vendor Notified: 0000-00-00 |
Vendor Contact: |
Advisory: http://www.vapidlabs.com/advisory.php?v=205 |
Description: Tajer – All In One eCommerce WordPress Premium Class Plugin. You can sell any kind of digital goods: downloads, articles, a piece of content or any kind of content or virtual products. |
Vulnerability: This plugin includes components of Blueimp's jQuery File Upload that are vulnerable to arbitrary file upload and code execution. |
Exploit Code:
|
Screen Shots: |
Notes: |