Home page logo

oss-sec logo oss-sec mailing list archives

Re: CVE-request: Kish Guest Posting Plugin for WordPress File Upload Remote PHP Code Execution
From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 06 Mar 2012 12:39:15 -0700

On 03/06/2012 12:31 AM, Henri Salo wrote:
Can we assign CVE-identifier for this security vulnerability, thanks.


Plugin is disabled in WordPress (doesn't show up in http://wordpress.org/extend/plugins/), but SVN can be found from 
here: http://plugins.svn.wordpress.org/kish-guest-posting/trunk/

File http://plugins.svn.wordpress.org/kish-guest-posting/trunk/readme.txt says:

= 1.2 =
security update for Uploadify Script

But I haven't tested (yet) if that is valid fix for the vulnerability.

- Henri Salo

Please use CVE-2012-1125 for this issue.

Kurt Seifried Red Hat Security Response Team (SRT)

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]