WordPress FCChat Widget Plugin Arbitrary File Upload Vulnerability

vendor:

FCChat Widget Plugin

by:

SecurityFocus

7,5

CVSS

HIGH

Arbitrary File Upload

434

CWE

Product Name: FCChat Widget Plugin

Affected Version From: 2.2.12.2

Affected Version To: 2.2.13.1

Patch Exists: YES

Related CWE: N/A

CPE: a:wordpress:fcchat_widget_plugin

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2012

WordPress FCChat Widget Plugin Arbitrary File Upload Vulnerability

WordPress FCChat Widget plugin is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input. An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the vulnerable application.

Mitigation:

Ensure that user-supplied input is properly sanitized before being used.

Source

WordPress FCChat Widget Plugin Arbitrary File Upload Vulnerability

Mitigation:

Exploit-DB raw data: