Arbitrary file upload in Steven Uploadify
CVE-2011-10041
Uploadify WordPress plugin versions up to and including 1.0 contain an arbitrary file upload vulnerability in process_upload.php due to missing file type validation. An unauthenticated remote attacker can upload arbitrary files to the affe…
Vulnerability class: Unrestricted File Upload
EPSS: 0.008 (52.0th percentile) — read the EPSS interpretation.
Affected products
- Steven Uploadify — versions 0
Weakness classification (CWE)
References
- disclosure@vulncheck.com (exploit)
- disclosure@vulncheck.com (third-party-advisory)
- disclosure@vulncheck.com (third-party-advisory)
- disclosure@vulncheck.com (third-party-advisory)
- disclosure@vulncheck.com (third-party-advisory)