Vulnerability Details CVE-2013-20002
Elemin allows remote attackers to upload and execute arbitrary PHP code via the Themify framework (before 1.2.2) wp-content/themes/elemin/themify/themify-ajax.php file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.028
EPSS Ranking 85.4%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://en.0day.today/exploit/22090
- https://packetstormsecurity.com/files/124149/WordPress-Elemin-Shell-Upload.html
- https://themify.me/blog/updated-themify-framework-to-fix-the-vulnerability
- https://themify.me/blog/urgent-vulnerability-found-in-themify-framework-please-read
- https://en.0day.today/exploit/22090
- https://packetstormsecurity.com/files/124149/WordPress-Elemin-Shell-Upload.html
- https://themify.me/blog/updated-themify-framework-to-fix-the-vulnerability
- https://themify.me/blog/urgent-vulnerability-found-in-themify-framework-please-read
Products affected by CVE-2013-20002
-
cpe:2.3:a:themify:framework:1.0.3
-
cpe:2.3:a:themify:framework:1.0.4
-
cpe:2.3:a:themify:framework:1.0.5
-
cpe:2.3:a:themify:framework:1.0.6
-
cpe:2.3:a:themify:framework:1.0.7
-
cpe:2.3:a:themify:framework:1.0.8
-
cpe:2.3:a:themify:framework:1.0.9
-
cpe:2.3:a:themify:framework:1.0.9.1
-
cpe:2.3:a:themify:framework:1.0.9.3
-
cpe:2.3:a:themify:framework:1.0.9.4
-
cpe:2.3:a:themify:framework:1.0.9.5
-
cpe:2.3:a:themify:framework:1.0.9.6
-
cpe:2.3:a:themify:framework:1.0.9.7
-
cpe:2.3:a:themify:framework:1.0.9.8
-
cpe:2.3:a:themify:framework:1.0.9.9
-
cpe:2.3:a:themify:framework:1.1.0.0
-
cpe:2.3:a:themify:framework:1.1.1
-
cpe:2.3:a:themify:framework:1.1.2
-
cpe:2.3:a:themify:framework:1.1.3
-
cpe:2.3:a:themify:framework:1.1.4
-
cpe:2.3:a:themify:framework:1.1.4.1
-
cpe:2.3:a:themify:framework:1.1.4.2
-
cpe:2.3:a:themify:framework:1.1.5
-
cpe:2.3:a:themify:framework:1.1.6
-
cpe:2.3:a:themify:framework:1.1.7
-
cpe:2.3:a:themify:framework:1.1.8
-
cpe:2.3:a:themify:framework:1.1.9
-
cpe:2.3:a:themify:framework:1.2.0
-
cpe:2.3:a:themify:framework:1.2.1