| Title: Arbitrary file upload vulnerabiity in WordPress Plugin tajer v1.05 |
| Author: Larry W. Cashdollar, @_larry0 |
| Date: 2018-10-15 |
| CVE-ID:[CVE-2018-9206] |
| CWE: |
| Download Site: https://wordpress.org/plugins/tajer |
| Vendor: https://mostasharoon.org/ |
| Vendor Notified: 0000-00-00 |
| Vendor Contact: |
| Advisory: http://www.vapidlabs.com/advisory.php?v=205 |
| Description: Tajer – All In One eCommerce WordPress Premium Class Plugin. You can sell any kind of digital goods: downloads, articles, a piece of content or any kind of content or virtual products. |
| Vulnerability: This plugin has components of Blueimp's jQuery file upload that is vulnerable to arbitrary file upload and code execution. |
| Export: JSON TEXT XML |
Exploit Code:
|
| Screen Shots: |
| Notes: |
Larry W. Cashdollar
Larry Cashdollar
Larry W. Cashdollar vulnerability
Larry Cashdollar advisory