Main Vulnerability Database Exploits ID:1725 - Exploit for Arbitrary file upload in OptimizePress - CVE-2013-7102

ID:1725 - Exploit for Arbitrary file upload in OptimizePress - CVE-2013-7102

Published: March 18, 2020

Vulnerability identifier: #VU4750

Vulnerability risk: High

CVE-ID: CVE-2013-7102

CWE-ID: CWE-434

Exploitation vector: Remote access

Vulnerable software:
OptimizePress

Link to public exploit:

https://www.rapid7.com/db/modules/exploit/unix/webapp/wp_optimizepress_upload

Vulnerability description

The vulnerability allows a remote attacker to execute arbitrary PHP code on the target system.

The weakness exists due to improper validation of file extensions in "lib/admin/media-upload.php" script. A remote attacker can create a specially crafted HTTP request, upload a malicious PHP script and execute arbitrary PHP code.

Successful exploitation of the vulnerability may allow an attacker to execute arbitrary PHP code on the vulnerable system.

Remediation

Install update from vendor's website.

ID:1725 - Exploit for Arbitrary file upload in OptimizePress - CVE-2013-7102

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human