QwikSec

Security Database

CVE

CWE

Training

CVE-2012-3576

Published: Jun 16, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

Unrestricted file upload vulnerability in php/upload.php in the wpStoreCart plugin before 2.5.30 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/wpstorecart.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

wpstorecart-upload-file-upload(76166)

vdb-entry

x_refsource_XF

http://plugins.trac.wordpress.org/changeset?old_path=%2Fwpstorecart&old=555124&new_path=%2Fwpstorecart&new=555124

x_refsource_CONFIRM

http://wordpress.org/extend/plugins/wpstorecart/changelog/

x_refsource_CONFIRM

exploit

x_refsource_EXPLOIT-DB

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.