Vulnerability category: CGI
Vulnerability severity:
Vulnerability information
WordPress is an open source blogging tool and content management system based on PHP and MySQL. It has many features including a plug-in architecture and a template system. MailCWP is a mail client plugin for WordPress.
The MailCWP WordPress plugin fails to properly restrict access to the file upload functionality provided by the "mailcwp-upload.php" source file, which allows remote attackers to upload arbitrary files via a "file_name_with_full_path" action in malicious HTTP POST requests.
Affected Versions:
WordPress MailCWP plugin versions 1.99 and prior
Impact
Successful exploitation allows unauthenticated, remote attackers to upload arbitrary files on a targeted system, leading to a loss of confidentiality, integrity and availability.
Solution
Customers are advised to install WordPress plugin MailCWP 1.100 or later versions to fix this vulnerability.
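An added example (not part of the original advisory or the plugin's code): a Python check that compares an installed MailCWP version against the 1.100 fix and lists POST requests to "mailcwp-upload.php" in a web server access log. It assumes the standard WordPress `Version:` plugin header and Combined Log Format; the sample header, log lines and the PLUGIN_DIR placeholder are constructed. Versions are compared by integer component because 1.100, read as a decimal, sorts below 1.99.

```python
import re

FIXED = (1, 100)                      # first fixed release named in the advisory
UPLOAD_SCRIPT = "mailcwp-upload.php"  # upload handler named in the advisory

def parse_version(text):
    """Compare components as integers: as floats, 1.100 would sort below 1.99."""
    return tuple(int(part) for part in text.strip().split("."))

def plugin_version(header_text):
    """Extract the 'Version:' field of a WordPress plugin header comment."""
    m = re.search(r"^[ \t/*#]*Version:[ \t]*(\d+(?:\.\d+)*)", header_text, re.M | re.I)
    return parse_version(m.group(1)) if m else None

def needs_update(header_text):
    """True when the installed version is older than 1.100."""
    version = plugin_version(header_text)
    if version is None:
        raise ValueError("no Version: field found")
    return version < FIXED

# Combined Log Format: client, two ids, [time], "METHOD URL PROTO", status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+)[^"]*" (\d{3})')

def upload_posts(log_lines):
    """Return (client, status) for each POST to the upload handler."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, method, url, status = m.groups()
        path = url.split("?", 1)[0].lower()
        if method == "POST" and path.endswith("/" + UPLOAD_SCRIPT):
            hits.append((client, int(status)))
    return hits

# Constructed sample input; PLUGIN_DIR is a placeholder, not the plugin's real path.
SAMPLE_HEADER = "/*\nPlugin Name: MailCWP\nVersion: 1.99\n*/"
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /wp-content/plugins/PLUGIN_DIR/mailcwp-upload.php HTTP/1.1" 200 12',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "POST /wp-content/plugins/PLUGIN_DIR/mailcwp-upload.php?x=1 HTTP/1.1" 200 31',
    '192.0.2.10 - - [01/Jan/2024:10:00:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    print("needs update:", needs_update(SAMPLE_HEADER))
    print("upload POSTs:", upload_posts(SAMPLE_LOG))
```

A POST to the handler on a site still running 1.99 or earlier is a lead for review of the upload directory, not proof of compromise on its own.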
Patch:
Following are links for downloading patches to fix the vulnerabilities: