Vendor: WP e-Commerce Plugin
By: SecurityFocus
CVSS: 9.3 (HIGH)
Remote Code Execution, Local File Include, Arbitrary File Upload
CWE: 94, 98, 264
Product Name: WP e-Commerce Plugin
Affected Version From: 3.8.9.5
Affected Version To: Other versions may also be affected.
Patch Exists: Yes
Related CWE: N/A
CPE: a:wp_e-commerce:wp_e-commerce
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2013

WP e-Commerce Plugin Multiple Vulnerabilities

The WP e-Commerce plugin for WordPress is prone to multiple security vulnerabilities, including multiple remote code-execution vulnerabilities, a local file-include vulnerability, and an arbitrary file-upload vulnerability. An attacker can exploit these issues to execute arbitrary code, include arbitrary local files, and upload arbitrary files to the affected computer, which may result in arbitrary code execution within the context of the vulnerable application.

Mitigation:

Upgrade to the latest version of WP e-Commerce plugin for WordPress.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/65130/info

The WP e-Commerce plugin for WordPress is prone to multiple security vulnerabilities, including:

1. Multiple remote code-execution vulnerabilities.
2. A local file-include vulnerability.
3. An arbitrary file-upload vulnerability.

An attacker can exploit these issues to execute arbitrary code, include arbitrary local files, and upload arbitrary files to the affected computer, which may result in arbitrary code execution within the context of the vulnerable application.

WP e-Commerce 3.8.9.5 is vulnerable; other versions may also be affected. 

Local file-include
http://www.example.com/wp-e-commerce/wpsc-includes/misc.functions.php?image_name=[LFI]

Remote code-execution
http://www.example.com/wp-e-commerce/wpsc-admin/ajax.php?wpsc_action=[CMD]
http://www.example.com/wp-e-commerce/wpsc-admin/display-sales-logs.php?c=[CMD]
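
For defenders, the three URLs above translate directly into an access-log check. The following is an added example, not part of the original advisory or the plugin: it flags direct requests to the listed plugin files that carry the listed query parameter. It assumes the Apache/nginx "combined" log format; the function name, sample lines and placeholder values are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote

# Path suffix -> (query parameter, issue class), taken from the URLs listed above.
WATCHED = {
    "/wp-e-commerce/wpsc-includes/misc.functions.php": ("image_name", "local file-include"),
    "/wp-e-commerce/wpsc-admin/ajax.php": ("wpsc_action", "remote code-execution"),
    "/wp-e-commerce/wpsc-admin/display-sales-logs.php": ("c", "remote code-execution"),
}

# Assumption: Apache/nginx "combined" access log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def scan(lines):
    """Return one finding per request that reaches a watched file with its parameter."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        raw_path, _, query = m["target"].partition("?")
        # Decode %xx and collapse repeated slashes so trivial variants still match.
        path = re.sub(r"/+", "/", unquote(raw_path)).lower()
        params = parse_qs(query, keep_blank_values=True)  # values are percent-decoded
        for suffix, (param, issue) in WATCHED.items():
            if path.endswith(suffix) and param in params:
                findings.append({
                    "ip": m["ip"], "time": m["ts"], "status": int(m["status"]),
                    "issue": issue, "param": param, "value": params[param][0],
                })
    return findings

# Constructed sample log lines (documentation IPs, placeholder parameter values).
SAMPLE = [
    '203.0.113.7 - - [12/Feb/2014:10:01:02 +0000] "GET /wp-content/plugins/wp-e-commerce/wpsc-includes/misc.functions.php?image_name=PLACEHOLDER HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.7 - - [12/Feb/2014:10:01:05 +0000] "GET /wp-content/plugins/wp-e-commerce/wpsc-admin/ajax.php?wpsc_action=PLACEHOLDER HTTP/1.1" 200 12 "-" "-"',
    '198.51.100.4 - - [12/Feb/2014:10:02:00 +0000] "GET /wp-content/plugins//wp-e-commerce/wpsc-admin/display%2Dsales%2Dlogs.php?x=1&c=PLACEHOLDER HTTP/1.1" 404 0 "-" "-"',
    '198.51.100.9 - - [12/Feb/2014:10:03:00 +0000] "GET /products-page/?c=3 HTTP/1.1" 200 9000 "-" "-"',
    '198.51.100.9 - - [12/Feb/2014:10:03:04 +0000] "GET /wp-content/plugins/wp-e-commerce/wpsc-admin/ajax.php HTTP/1.1" 200 0 "-" "-"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Parameters sent in a POST body do not appear in access logs, so this check only covers query-string requests.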