Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with a double extension, then accessing it via a direct request to the file in the directory specified by the folder parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1125.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
WordPress Kish Guest Posting插件未限制文件上传漏洞
Vulnerability Description
WordPress是WordPress软件基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。 WordPress中的Kish Guest Posting插件1.2版本中的uploadify/scripts/uploadify.php中存在未限制文件上传漏洞。远程攻击者可利用该漏洞通过直接请求到指定目录的文件夹参数中的文件,通过带有PHP扩展的上传文件执行任意代码,然后访问它。
CVSS Information
N/A
Vulnerability Type
N/A