Latest YouTube Video
Tuesday, July 14, 2015
[FD] Admin-only local file inclusion and arbitrary code execution in Subscribe to Comments 2.1.2 (WordPress plugin)
Details ================ Software: Subscribe to Comments Version: 2.1.2 Homepage: http://ift.tt/1eTWE5E Advisory report: http://ift.tt/1Ht2MAY CVE: Awaiting assignment CVSS: 8 (High; AV:N/AC:L/Au:S/C:C/I:P/A:P) Description ================ Admin-only local file inclusion and arbitrary code execution in Subscribe to Comments 2.1.2 Vulnerability ================ Administrators can perform Local File include attacks, which is a privilege escalation on systems where the administrator doesn’t have control over the server. If administrators can upload PHP files (or any file which can contain “
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment