Vendor: Make A Statement Themes
By: DevilScreaM
CVSS: 7.5 (HIGH)
CWE: 352 (CSRF)
Product Name: Make A Statement Themes
Affected Version From: 1.x.x
Affected Version To: 1.x.x
Patch Exists: NO
Related CWE: N/A
CPE: a:themes:make_a_statement
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Mozilla, Chrome, Opera -> Windows & Linux
2013
WordPress Make A Statement Themes CSRF File Upload Vulnerability
This CSRF file upload vulnerability allows an attacker to upload arbitrary files to the vulnerable website. The attacker crafts a malicious form and sends it to the victim; when the victim visits the malicious page, the form is submitted with the victim's session and the file is uploaded to the vulnerable website. The attacker can then reach the uploaded file at the URL http://site-target/uploads/[years]/[month]/your_shell.php
Mitigation:
The website should require a CSRF token on the upload form and verify it server-side to confirm the request originated from its own page. It should also restrict uploads to a whitelist of allowed file types and validate the file type before storing the file.
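The two mitigations above applied to a WordPress upload handler, as an added example that is not the theme's own code: the nonce is WordPress's CSRF token, and the MIME/extension allow-list rejects anything that is not an image. The hook name, nonce action and form field names (`mas_upload_image`, `mas_upload_nonce`, `mas_image`) are assumptions chosen for illustration.

```php
<?php
// Added example, not the theme's code. Hook, nonce action and field names are assumed.
add_action( 'admin_post_mas_upload_image', 'mas_handle_upload' );

function mas_handle_upload() {
    // 1. Only authenticated users who may upload files reach the handler at all.
    if ( ! is_user_logged_in() || ! current_user_can( 'upload_files' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    // 2. CSRF token: the nonce is bound to this action and the current user, so a
    //    form hosted on a third-party site cannot supply a valid one.
    if ( ! isset( $_POST['mas_upload_nonce'] )
        || ! wp_verify_nonce( $_POST['mas_upload_nonce'], 'mas_upload_image' ) ) {
        wp_die( 'Request origin could not be verified.', '', array( 'response' => 403 ) );
    }

    if ( empty( $_FILES['mas_image'] ) || UPLOAD_ERR_OK !== $_FILES['mas_image']['error'] ) {
        wp_die( 'No file uploaded.', '', array( 'response' => 400 ) );
    }

    // 3. Allow-list of image types; a .php upload is rejected before anything is
    //    written under the uploads directory.
    $allowed = array(
        'jpg|jpeg' => 'image/jpeg',
        'png'      => 'image/png',
        'gif'      => 'image/gif',
    );
    $file  = $_FILES['mas_image'];
    $check = wp_check_filetype_and_ext( $file['tmp_name'], $file['name'], $allowed );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        wp_die( 'File type not allowed.', '', array( 'response' => 415 ) );
    }

    // wp_handle_upload() re-applies the allow-list and stores the file with a
    // sanitized name in the dated uploads directory.
    require_once ABSPATH . 'wp-admin/includes/file.php';
    $result = wp_handle_upload( $file, array( 'test_form' => false, 'mimes' => $allowed ) );
    if ( isset( $result['error'] ) ) {
        wp_die( esc_html( $result['error'] ), '', array( 'response' => 400 ) );
    }

    wp_safe_redirect( add_query_arg( 'uploaded', '1', wp_get_referer() ) );
    exit;
}

// The upload form must emit the matching token inside the <form>:
// wp_nonce_field( 'mas_upload_image', 'mas_upload_nonce' );
```

Without the nonce field, a forged cross-site form reaches the 403 branch even when the victim is logged in; without the allow-list, the nonce alone would not stop an authenticated user from placing a script under uploads.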