WordPress Recip.ly Plugin 1.1.7 - Arbitrary File Upload Vulnerability

reciply

Software: Recip.ly
Versions: <= 1.1.7
Disclosure date: 2011-01-25
CVE: CVE-N/A
Classification: Arbitrary File Upload


Details

The "uploadImage.php" script in the WordPress Recip.ly plugin is prone to a vulnerability that allows attackers to upload arbitrary files, because it fails to adequately sanitize user-supplied input. An attacker can use this vulnerability to upload arbitrary code and then run it in the context of the web server process.

Solution

Update the plugin.
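
For developers of comparable upload handlers, the following added example shows the kind of server-side validation whose absence the Details section describes. It is not the Recip.ly plugin's code or its fix; the function name `store_uploaded_image`, the type allowlist and the size limit are assumptions chosen for illustration.

```php
<?php
// Added example: hypothetical hardened image-upload routine (not Recip.ly code).

// Allowlist of content types and the extension the server will assign to each.
const ALLOWED_IMAGE_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];
const MAX_UPLOAD_BYTES = 2097152; // 2 MiB, an assumed limit

/**
 * Validate one entry of $_FILES and store it under a server-chosen name.
 * Returns the stored file name; throws RuntimeException on rejection.
 */
function store_uploaded_image(array $file, string $destDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    $tmp = $file['tmp_name'];
    // Only accept a file that PHP itself received via HTTP POST.
    if (!is_uploaded_file($tmp)) {
        throw new RuntimeException('not an uploaded file');
    }
    if (filesize($tmp) > MAX_UPLOAD_BYTES) {
        throw new RuntimeException('file too large');
    }
    // Derive the type from the file content, never from the client-supplied
    // file name or Content-Type header.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    if (!is_string($mime) || !array_key_exists($mime, ALLOWED_IMAGE_TYPES)
        || getimagesize($tmp) === false) {
        throw new RuntimeException('not an allowed image type');
    }
    // Discard the client-supplied name entirely: a random name plus an
    // allowlisted extension means ".php" or "../" in it cannot reach the path.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGE_TYPES[$mime];
    if (!move_uploaded_file($tmp, rtrim($destDir, '/') . '/' . $name)) {
        throw new RuntimeException('could not store file');
    }
    return $name;
}

// Usage in a request handler (the field name 'image' is an assumption):
// $stored = store_uploaded_image($_FILES['image'], '/path/to/uploads');
```

As defense in depth, the upload directory should also be configured so that the web server does not execute scripts from it.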
