Key Information

CVE-ID: CVE-2015-9271

rampage remote file upload advisory: http://www.rapid.dhs.org/advisory.php?v=116

Vulnerability Type: Remote file upload vulnerability in the videowhisper-video-conference-integration WordPress plugin v4.91.8

Description: The vulnerability is exploited by uploading a file whose extension ends in .phtml, .rhtml, or .pht, as long as the extension isn't defined in the Apache mime.types. This was a previously discovered vulnerability that was not properly fixed by the author. The patch was insufficient in blocking malicious file uploads.

Exploit Code: Exploit code provided for testing purposes only

How to Fix: Update to a patched version of the videowhisper-video-conference-integration WordPress plugin. Block malicious file uploads by adding the appropriate file extensions to the Apache mime.types.
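The gap described above, shown as an added PHP example that is not the plugin's code: a denylist-style extension check next to an allowlist check, run over constructed file names. The function names and both extension lists are hypothetical (the advisory does not show the plugin's actual check), and the allowlist version goes slightly beyond the advisory by also rejecting multi-extension names.

```php
<?php
// Added example: function names and extension lists are hypothetical,
// not taken from the plugin's source.

// Hypothetical denylist; any extension missing from it is accepted.
const DENIED_EXTENSIONS = ['php', 'php3', 'php4', 'php5', 'exe', 'js'];

// Allowlist: only extensions the application actually needs to accept.
const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'txt'];

/** Weak check: accepts anything whose final extension is not listed. */
function denylist_accepts(string $filename): bool
{
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    return !in_array($ext, DENIED_EXTENSIONS, true);
}

/**
 * Hardened check: every dot-separated segment after the base name must be
 * allowlisted, because Apache's extension mapping can act on any segment
 * of a multi-extension name, not only the last one.
 */
function allowlist_accepts(string $filename): bool
{
    // Reject control characters (including NUL) before any path handling.
    if (preg_match('/[\x00-\x1f]/', $filename)) {
        return false;
    }
    $name = basename(str_replace('\\', '/', $filename));
    if ($name === '' || $name[0] === '.') {
        return false;                     // empty or dot-led name
    }
    $segments = explode('.', strtolower($name));
    array_shift($segments);               // drop the base name
    if ($segments === []) {
        return false;                     // no extension at all
    }
    foreach ($segments as $ext) {
        if (!in_array($ext, ALLOWED_EXTENSIONS, true)) {
            return false;                 // also catches a trailing dot ('')
        }
    }
    return true;
}

// Constructed sample names, including the extensions named in the advisory.
$samples = ['photo.jpg', 'notes.phtml', 'page.rhtml', 'x.pht', 'a.PHP.jpg', 'report.pdf.'];
foreach ($samples as $s) {
    printf("%-12s denylist=%-6s allowlist=%s\n", $s,
        denylist_accepts($s) ? 'accept' : 'reject',
        allowlist_accepts($s) ? 'accept' : 'reject');
}
```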