Arbitrary file upload in WP Mobile detector



| Updated: 2017-02-17
Risk Critical
Patch available YES
Number of vulnerabilities 1
CVE-ID N/A
CWE-ID CWE-20
Exploitation vector Network
Public exploit This vulnerability is being exploited in the wild.
Vulnerable software
Subscribe
WP Mobile detector
Web applications / Modules and components for CMS

Vendor WordPress.ORG

Security Bulletin

This security bulletin contains one critical risk vulnerability.

1) Arbitrary file upload

EUVDB-ID: #VU5851

Risk: Critical

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to upload arbitrary files to compromise the target system.

The weakness exists due to the failure to validate and sanitize input. A remote attacker can send a request toresize.php or timthumb.php inside the plugin directory with the backdoor URL that contains a PHP code.

Successful exploitation of the vulnerability may result in malicious files uploading and vulnerable system compromising.

Note: the vulnerability was being actively exploited.

Mitigation

Update to version 3.7.

Vulnerable software versions

WP Mobile detector: 3.6 - 3.7

CPE2.3 External links

http://www.pluginvulnerabilities.com/2016/05/31/aribitrary-file-upload-vulnerability-in-wp-mobile-d...


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.



###SIDEBAR###