WordPress Fusion Theme <= 3.1 - Arbitrary File Upload

Software: Fusion
Versions: <= 3.1
Disclosure date: 2015-03-03
CVE: CVE-2015-2194
Classification: Local File Inclusion

Details

A vulnerability in the Fusion theme allows authenticated users to execute arbitrary code by uploading a file with an executable extension through the fusion_save action and then accessing it via unspecified vectors.

Solution

Update the theme.