CVE-2012-1125 - OpenCVE

Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin before 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the directory specified by the folder parameter.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Kishore Asokan	Kish Guest Posting Plugin
Wordpress	Wordpress

Configuration 1 [-]

AND

OR	cpe:2.3:a:kishore_asokan:kish_guest_posting_plugin::::::::
	cpe:2.3:a:kishore_asokan:kish_guest_posting_plugin:1.0:::::::*

cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://archives.neohapsis.com/archives/bugtraq/2012-01/0145.html
http://plugins.svn.wordpress.org/kish-guest-posting/trunk/readme.txt
http://plugins.trac.wordpress.org/changeset/403694/kish-guest-posting/trunk/uploadify/scripts/uploadify.php
http://secunia.com/advisories/47688
http://www.exploit-db.com/exploits/18412
http://www.openwall.com/lists/oss-security/2012/03/06/11
http://www.openwall.com/lists/oss-security/2012/03/06/3
http://www.openwall.com/lists/oss-security/2012/03/08/1
http://www.osvdb.org/78479
http://www.securityfocus.com/bid/51638
https://exchange.xforce.ibmcloud.com/vulnerabilities/79563

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2012-10-08T17:00:00

Updated: 2024-08-06T18:45:27.520Z

Reserved: 2012-02-14T00:00:00

Link: CVE-2012-1125

Vulnrichment

No data.

NVD

Status : Modified

Published: 2012-10-08T17:55:00.857

Modified: 2017-08-29T01:31:12.693

Link: CVE-2012-1125

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-01-23T00:00:00", "descriptions": [{"lang": "en", "value": "Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin before 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the directory specified by the folder parameter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "47688", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/47688"}, {"name": "[oss-security] 20120308 Re: CVE-request: Kish Guest Posting Plugin for WordPress File Upload Remote PHP Code Execution", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/03/08/1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://plugins.trac.wordpress.org/changeset/403694/kish-guest-posting/trunk/uploadify/scripts/uploadify.php"}, {"name": "[oss-security] 20120306 Re: CVE-request: Kish Guest Posting Plugin for WordPress File Upload Remote PHP Code Execution", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/03/06/11"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://plugins.svn.wordpress.org/kish-guest-posting/trunk/readme.txt"}, {"name": "wp-kishguest-uploadify-file-upload(79563)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79563"}, {"name": "[oss-security] 20120306 CVE-request: Kish Guest Posting Plugin for WordPress File Upload Remote PHP Code Execution", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/03/06/3"}, {"name": "51638", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/51638"}, {"name": "20120123 Wordpress Kish Guest Posting Plugin 1.0 (uploadify.php) Unrestricted File Upload Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0145.html"}, {"name": "18412", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "http://www.exploit-db.com/exploits/18412"}, {"name": "78479", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/78479"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-1125", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin before 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the directory specified by the folder parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "47688", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/47688"}, {"name": "[oss-security] 20120308 Re: CVE-request: Kish Guest Posting Plugin for WordPress File Upload Remote PHP Code Execution", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/03/08/1"}, {"name": "http://plugins.trac.wordpress.org/changeset/403694/kish-guest-posting/trunk/uploadify/scripts/uploadify.php", "refsource": "CONFIRM", "url": "http://plugins.trac.wordpress.org/changeset/403694/kish-guest-posting/trunk/uploadify/scripts/uploadify.php"}, {"name": "[oss-security] 20120306 Re: CVE-request: Kish Guest Posting Plugin for WordPress File Upload Remote PHP Code Execution", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/03/06/11"}, {"name": "http://plugins.svn.wordpress.org/kish-guest-posting/trunk/readme.txt", "refsource": "CONFIRM", "url": "http://plugins.svn.wordpress.org/kish-guest-posting/trunk/readme.txt"}, {"name": "wp-kishguest-uploadify-file-upload(79563)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79563"}, {"name": "[oss-security] 20120306 CVE-request: Kish Guest Posting Plugin for WordPress File Upload Remote PHP Code Execution", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/03/06/3"}, {"name": "51638", "refsource": "BID", "url": "http://www.securityfocus.com/bid/51638"}, {"name": "20120123 Wordpress Kish Guest Posting Plugin 1.0 (uploadify.php) Unrestricted File Upload Vulnerability", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0145.html"}, {"name": "18412", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/18412"}, {"name": "78479", "refsource": "OSVDB", "url": "http://www.osvdb.org/78479"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T18:45:27.520Z"}, "title": "CVE Program Container", "references": [{"name": "47688", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/47688"}, {"name": "[oss-security] 20120308 Re: CVE-request: Kish Guest Posting Plugin for WordPress File Upload Remote PHP Code Execution", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/03/08/1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://plugins.trac.wordpress.org/changeset/403694/kish-guest-posting/trunk/uploadify/scripts/uploadify.php"}, {"name": "[oss-security] 20120306 Re: CVE-request: Kish Guest Posting Plugin for WordPress File Upload Remote PHP Code Execution", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/03/06/11"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://plugins.svn.wordpress.org/kish-guest-posting/trunk/readme.txt"}, {"name": "wp-kishguest-uploadify-file-upload(79563)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79563"}, {"name": "[oss-security] 20120306 CVE-request: Kish Guest Posting Plugin for WordPress File Upload Remote PHP Code Execution", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/03/06/3"}, {"name": "51638", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/51638"}, {"name": "20120123 Wordpress Kish Guest Posting Plugin 1.0 (uploadify.php) Unrestricted File Upload Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0145.html"}, {"name": "18412", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "http://www.exploit-db.com/exploits/18412"}, {"name": "78479", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/78479"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-1125", "datePublished": "2012-10-08T17:00:00", "dateReserved": "2012-02-14T00:00:00", "dateUpdated": "2024-08-06T18:45:27.520Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kishore_asokan:kish_guest_posting_plugin:*:*:*:*:*:*:*:*", "matchCriteriaId": "25A5784F-010B-4395-AD35-056820A7439C", "versionEndIncluding": "1.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:kishore_asokan:kish_guest_posting_plugin:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "024EC77B-E196-4165-B0FA-0F89E37DC51D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*", "matchCriteriaId": "A77EB0E7-7FA7-4232-97DF-7C7587D163F1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin before 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the directory specified by the folder parameter."}, {"lang": "es", "value": "Vulnerabilidad de subida de archivos sin restricci\u00f3n en uploadify/scripts/uploadify.php en el plugin Kish Guest Posting anterior a v1.2 para WordPress, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n subiendo un archivo con una extensi\u00f3n PHP, despu\u00e9s accediendo al mismo a trav\u00e9s de una petici\u00f3n al fichero en el directorio especificado por el par\u00e1metro folder."}], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/434.html\r\n\r\n'CWE-434: Unrestricted Upload of File with Dangerous Type'", "id": "CVE-2012-1125", "lastModified": "2017-08-29T01:31:12.693", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-10-08T17:55:00.857", "references": [{"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0145.html"}, {"source": "secalert@redhat.com", "url": "http://plugins.svn.wordpress.org/kish-guest-posting/trunk/readme.txt"}, {"source": "secalert@redhat.com", "url": "http://plugins.trac.wordpress.org/changeset/403694/kish-guest-posting/trunk/uploadify/scripts/uploadify.php"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/47688"}, {"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "http://www.exploit-db.com/exploits/18412"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/03/06/11"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/03/06/3"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/03/08/1"}, {"source": "secalert@redhat.com", "url": "http://www.osvdb.org/78479"}, {"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/51638"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79563"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}