I. CVE-2012-10064 basic information
Vulnerability information
# Omni Secure Files 0.1.14 Unauthorized File Upload Vulnerability

N/A
                                        
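Shenlong assessment

Web vulnerability: Unknown

Reasoning:

N/A
Note
Although we use advanced large language model technology, its output may still contain inaccurate or outdated information.
Shenlong does its best to keep the data accurate, but please verify and judge it against the actual situation.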
Vulnerability title
Omni Secure Files < 0.1.14 Unauthenticated Arbitrary File Upload
Source: U.S. National Vulnerability Database (NVD)
Vulnerability description
Omni Secure Files plugin versions prior to 0.1.14 contain an arbitrary file upload vulnerability in the bundled plupload example endpoint. The /wp-content/plugins/omni-secure-files/plupload/examples/upload.php handler allows unauthenticated uploads without enforcing safe file type restrictions, enabling an attacker to place attacker-controlled files under the plugin's uploads directory. This can lead to remote code execution if a server-executable file type is uploaded and subsequently accessed.
Source: U.S. National Vulnerability Database (NVD)
CVSS information
N/A
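Source: U.S. National Vulnerability Database (NVD)
Vulnerability category
Unrestricted Upload of File with Dangerous Type
Source: U.S. National Vulnerability Database (NVD)
II. Public PoCs for CVE-2012-10064
# | PoC description | Source link | Shenlong link
III. Intelligence on CVE-2012-10064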
  • Title: Omni Secure Files 0.1.13 – Unauthenticated Arbitrary File Upload | Plugin Vulnerabilities -- 🔗 Source link

    Tags: third-party-advisory

    Shenlong quick read:
    ### Key information summary

    - **Vulnerability name:** Omni Secure Files 0.1.13 - Unauthorized File Upload
      - **Description:** This plugin includes the vulnerable plupload library and has been exploited in the wild.
      - **Vulnerable file:** [http://www.example.com/wp-content/plugins/omni-secure-files/plupload/examples/upload.php](http://www.example.com/wp-content/plugins/omni-secure-files/plupload/examples/upload.php)

    - **Affected plugin:** omni-secure-files, no known fix
    - **Related links:** Exploitdb, Miscellaneous
      - **Researcher:** Adrien Thierry
      - **Status:** Unverified
      - **WPVDB ID:** 376fd666-6471-479c-9b74-1d8088a33e89

    - **Timeline:**
      - Publicly published: 2012-06-07
      - Added: 2014-08-01
      - Last updated: 2020-03-02

    - **Other related:** Several other file upload vulnerability cases are listed below, such as IMGspider, Bit Form and Groundhogg, as well as upload restriction bypass and RCE vulnerabilities.
  • https://web.archive.org/web/20121025112632/http%3A//secunia.com/advisories/49441 -- Tags: third-party-advisory
  • Title: WordPress Plugin Omni Secure Files 'upload.php' Arbitrary File Upload (0.1.13) - Vulnerabilities - Acunetix -- 🔗 Source link

    Tags: third-party-advisory

    Shenlong quick read:
    ### Key information
    
    **Description**  
    - **Vulnerability**: WordPress Plugin Omni Secure Files 'upload.php' Arbitrary File Upload (0.1.13)
    - **Cause**: The application fails to sanitize user-supplied input adequately.
    - **Impact**: Attackers can upload arbitrary PHP code and execute it within the web server process, leading to unauthorized access or privilege escalation.
    - **Affected Version**: 0.1.13 (prior versions may also be affected)
    
    **Severity**  
    - **Level**: High
    
    **Classification**  
    - **CWE**: 434
    - **CVSS 3.0**: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
    - **CVSS 4.0**: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
    
    **Tags**  
    - Missing Update
    - Unauthenticated File Upload
    
    **Remediation**  
    - Update to plugin version 0.1.14 or the latest version.
    
    **References**  
    - [Security Focus](http://www.securityfocus.com/bid/53872/exploit)
    - [Exploit DB](http://www.exploit-db.com/exploits/19009/)
    - [1337day](http://1337day.com/exploits/18478)
    - [PacketStorm Security](http://packetstormsecurity.com/files/113411/WordPress-Omni-Secure-Files-0.1.13-Shell-Upload.html)
    - [Secunia](http://secunia.com/advisories/49441/)
    
    **Related Vulnerabilities**  
    - WordPress Plugin PostmagThemes Demo Import Arbitrary File Upload (1.0.7)
    - WordPress Plugin Debug Bar Unspecified Vulnerability (0.8)
    - WordPress 4.7.x Possible SQL Injection Vulnerability (4.7 - 4.7.6)
    - WordPress Plugin IP Logger Arbitrary File Upload (3.1)
    - LiteSpeed Web Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-2333)
                                            
  • Title: WordPress Plugin Omni Secure Files 0.1.13 - Arbitrary File Upload - PHP webapps Exploit -- 🔗 Source link

    Tags: exploit

    Shenlong quick read:
    - **Title:** WordPress Plugin Omni Secure Files 0.1.13 - Arbitrary File Upload
    - **Edb-ID:** 19009
    - **Cve:** 
    - **Date:** 2012-06-07
    - **Author:** ADRIEN THIERRY
    - **Type:** WEBAPPS
    - **Platform:** PHP
    - **Vulnerable App:** http://downloads.wordpress.org/plugins/omni-secure-files.zip
    - **Exploit brief:** 
        - There's possibly some leftover files, but the page `upload.php` in the `examples` directory is vulnerable to Remote File Upload. Code snippet shown.
                                            
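  • Title: WordPress Omni Secure Files Plugin 'Upload.php' Arbitrary File Upload Vulnerability -- 🔗 Source link

    Tags: third-party-advisory

    Shenlong quick read:
    ## Key vulnerability information

    - **Bugtraq ID**: 53872
    - **Vulnerability class**: Input validation error
    - **CVE**: Yes
    - **Remotely exploitable**: Yes
    - **Locally exploitable**: No
    - **Published**: June 7, 2012 12:00 AM
    - **Updated**: June 7, 2012 12:00 AM
    - **Discovered by**: Adrien Thierry
    - **Vulnerable versions**: WordPress Omni Secure Files plugin 0.1.13
    - **Unaffected versions**: None
    - **Vulnerability description**: WordPress Omni Secure Files plugin 'Upload.php' arbitrary file upload vulnerability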
  • Title: Omni Secure Files < 0.1.14 Unauthenticated Arbitrary File Upload | Advisories | VulnCheck -- 🔗 Source link

    Tags: third-party-advisory

    Shenlong quick read:
    ### Key information
    
    - **Vulnerability**:
      - Name: Omni Secure Files < 0.1.14 Unauthenticated Arbitrary File Upload
    
    - **Severity**: 
      - Critical
      
    - **Date**: 
      - January 16, 2026
    
    - **CVE Details**: 
      - CVE-2012-10064
    
    - **Description**:
      - Versions of the Omni Secure Files WP plugin prior to 0.1.14 have a vulnerability that allows for the unauthenticated uploading of arbitrary files. The bundled `upload.php` file allows for uploads without enforcing safe file type restrictions, potentially leading to remote code execution if certain files are uploaded.
    
    - **References**:
      - WSscan Advisory
      - Wordfence Advisory
      - Acunetix Advisory
      - Packet Storm Entry
      - ExploitDB-19009
      - WP Page
    
    - **Credit**:
      - Adrien Thierry
                                            
  • Title: Packet Storm -- 🔗 Source link

    Tags: exploit

    Shenlong quick read:
    ### Key information summary
    
    #### Website and Purpose
    - The screenshot displays Packet Storm's Terms of Service.
    - Packet Storm Security, LLC manages the websites `packetstormnews.com` and `packetstormsecurity.com`.
    
    #### Prohibited Activities
    - Users are forbidden from using automated tools or scripts to access the site.
    - Prohibited activities include malicious actions directed against the site or its users and any illegal or unauthorized use.
    
    #### Liability and Legal
    - Packet Storm disclaims any warranties and limits its liability for the use of the site.
    - Disputes will be resolved by binding arbitration under California law.
    
    #### Purpose of the Document
    - This document outlines user responsibilities, permissions, restrictions, and legal terms associated with using Packet Storm's services.
                                            
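  • Title: Omni Secure Files – WordPress plugin | WordPress.org -- 🔗 Source link

    Tags: product

    Shenlong quick read:
    The key vulnerability-related information obtained from the page screenshot is as follows:

    - Plugin name: `omni-secure-files`
    - Plugin author: Omnilogic
    - Plugin status: The plugin was closed on November 30, 2018 and is not available for download, because it violated the guidelines
    - Last updated: 14 years ago
    - Version: 0.1.15
    - Developers: Omnilogic, Jsapara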
  • https://nvd.nist.gov/vuln/detail/CVE-2012-10064