oss-sec mailing list archives
Remote file upload vulnerabilities in multiple wordpress plugins
From: "Larry W. Cashdollar" <larry0 () me com>
Date: Mon, 06 Mar 2017 12:32:30 -0500
Hello,

All of these plugins include unlicensed software developed by http://www.invedion.com/ that is vulnerable. I am unable to get more details from the vendor as to what the software name and version are and therefore can't issue a CVE for just that software. I've issued CVEs for the impacted plugins I know of:

CVE-2017-1002000 Remote file upload vulnerability in Wordpress Plugin mobile-friendly-app-builder-by-easytouch v3.0
Example: http://example.com/wordpress/wp-content/plugins/mobile-friendly-app-builder-by-easytouch/server/images.php
http://www.vapidlabs.com/advisory.php?v=179

CVE-2017-1002001 Remote file upload vulnerability in Wordpress Plugin mobile-app-builder-by-appress v1.05
Example: http://example.com/wordpress/wp-content/plugins/mobile-app-builder-by-wappress/server/images.php
http://www.vapidlabs.com/advisory.php?v=180

CVE-2017-1002002 Remote file upload vulnerability in Wordpress Plugin webapp-builder v2.0
Example: http://example.com/wordpress/wp-content/plugins/webapp-builder/server/images.php
http://www.vapidlabs.com/advisory.php?v=181

CVE-2017-1002003 Remote file upload vulnerability in Wordpress Plugin wp2android-turn-wp-site-into-android-app v1.1.4
Example: http://example.com/wordpress/wp-content/plugins/wp2android-turn-wp-site-into-android-app/server/images.php
http://www.vapidlabs.com/advisory.php?v=182

@muntopia provided an exploit for all of them here: https://github.com/alienwithin/Scripts-Sploits/blob/master/zen_app_mobile_wp_rfu.py
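A defender-side detection for the endpoints listed above, added here as an example and not part of the advisory or of the plugins themselves: it parses combined-format web server access log lines (the sample lines below are constructed) and reports requests to server/images.php under any of the four affected plugin slugs, grouping successful POSTs, the probable completed uploads, by source address.

```python
import re

# Plugin slugs named in the advisory; each ships the shared server/images.php endpoint.
VULNERABLE_SLUGS = {
    "mobile-friendly-app-builder-by-easytouch",
    "mobile-app-builder-by-wappress",
    "webapp-builder",
    "wp2android-turn-wp-site-into-android-app",
}

# Matches the endpoint under any site prefix (e.g. /wordpress), with or without a query string.
ENDPOINT_RE = re.compile(r"/wp-content/plugins/(?P<slug>[^/]+)/server/images\.php(?:\?|$)")

# Combined log format: client, ident, user, [timestamp], "METHOD path proto", status, size, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r"(?P<status>\d{3}) (?P<size>\S+)"
)

# Constructed sample log lines (RFC 5737 documentation addresses), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [06/Mar/2017:12:00:01 -0500] "GET /wordpress/wp-content/plugins/webapp-builder/server/images.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [06/Mar/2017:12:00:02 -0500] "POST /wordpress/wp-content/plugins/webapp-builder/server/images.php HTTP/1.1" 200 0 "-" "python-requests/2.13"
198.51.100.9 - - [06/Mar/2017:12:01:10 -0500] "GET /wordpress/wp-login.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.9 - - [06/Mar/2017:12:01:11 -0500] "POST /wp-content/plugins/mobile-app-builder-by-wappress/server/images.php?x=1 HTTP/1.1" 403 0 "-" "curl/7.52"
not a log record at all
""".splitlines()


def find_upload_hits(lines):
    """Return (ip, slug, method, status) for every request to a vulnerable images.php."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue  # skip malformed lines rather than abort the scan
        em = ENDPOINT_RE.search(m.group("path"))
        if em and em.group("slug") in VULNERABLE_SLUGS:
            hits.append((m.group("ip"), em.group("slug"), m.group("method"), int(m.group("status"))))
    return hits


def suspected_uploads(hits):
    """Group successful (2xx) POSTs, i.e. probable completed uploads, by source IP."""
    out = {}
    for ip, slug, method, status in hits:
        if method == "POST" and 200 <= status < 300:
            out.setdefault(ip, []).append(slug)
    return out


if __name__ == "__main__":
    found = find_upload_hits(SAMPLE_LOG)
    for hit in found:
        print("hit:", hit)
    print("suspected uploads:", suspected_uploads(found))
```

A GET to the endpoint is reported too, since probing the file is the usual first step before an upload; a hit against a plugin that is not installed still shows someone is scanning for it.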