
Test ID: 1.3.6.1.4.1.25623.1.0.802642
Category: Web application abuses
Title: WordPress Nmedia Member Conversation Plugin Arbitrary File Upload Vulnerability
Summary: WordPress Nmedia Member Conversation Plugin is prone to a file upload vulnerability.
Description:
Summary:
WordPress Nmedia Member Conversation Plugin is prone to a file upload vulnerability.

Vulnerability Insight:
The flaw is due to the
/wp-content/plugins/wordpress-member-private-conversation/doupload.php
script allowing the upload of files with arbitrary extensions to a folder
inside the webroot. This can be exploited to execute arbitrary PHP code by
uploading a malicious PHP script.

Vulnerability Impact:
Successful exploitation will allow an attacker to upload arbitrary PHP code
and run it in the context of the web server process.

Affected Software/OS:
WordPress Nmedia Member Conversation Plugin version 1.35.0

Solution:
Update to WordPress Nmedia Member Conversation Plugin version 1.4 or later.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2012-3577
BugTraq ID: 53790
http://www.securityfocus.com/bid/53790
http://packetstormsecurity.org/files/113287/WordPress-Nmedia-WP-Member-Conversation-1.35.0-Shell-Upload.html
http://wordpress.org/extend/plugins/wordpress-member-private-conversation/changelog/
http://www.opensyscom.fr/Actualites/wordpress-plugins-nmedia-wordpress-member-conversation-shell-upload-vulnerability.html
http://secunia.com/advisories/49375
XForce ISS Database: wp-nmedia-doupload-file-upload(76076)
https://exchange.xforce.ibmcloud.com/vulnerabilities/76076
Copyright: Copyright (C) 2012 Greenbone AG





© 1998-2025 E-Soft Inc. All rights reserved.