vulnerability alert 14766
WordPress cnhk-slideshow: file upload
Synthesis of the vulnerability
An attacker can upload a malicious file on WordPress cnhk-slideshow, in order for example to upload a Trojan.Impacted products: WordPress Plugins
Description of the vulnerability
The cnhk-slideshow plugin can be installed on WordPress.
It can be used to upload a file. However, as the file type is not restricted, a PHP file can be uploaded on the server, and then executed.
An attacker can therefore upload a malicious file on WordPress cnhk-slideshow, in order for example to upload a Trojan.Complete Vigil@nce bulletin....
Share this bulletin
Computer vulnerabilities tracking service
Vigil@nce provides an application vulnerability bulletin
. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications. The Vigil@nce vulnerability database contains several thousand vulnerabilities. Each administrator can customize the list of products for which he wants to receive vulnerability alerts.