CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2014-9521

Unrestricted file upload vulnerability in uploadScript.php in InfiniteWP Admin Panel before 2.4.4, when the allWPFiles query parameter is set, allows remote attackers to execute arbitrary code by uploading a file with a double extension, then accessing it via a direct request to the file in the uploads directory, as demonstrated by the .php.swp filename.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.016

EPSS Ranking 81.1%

CVSS Severity

CVSS v2 Score 7.5

References

http://seclists.org/fulldisclosure/2014/Dec/43
https://lifeforms.nl/20141210/infinitewp-vulnerabilities/
http://seclists.org/fulldisclosure/2014/Dec/43
https://lifeforms.nl/20141210/infinitewp-vulnerabilities/

Products affected by CVE-2014-9521

Infinitewp » Infinitewp » Version: N/A

cpe:2.3:a:infinitewp:infinitewp:-
Infinitewp » Infinitewp » Version: 2.4.2

cpe:2.3:a:infinitewp:infinitewp:2.4.2
Infinitewp » Infinitewp » Version: 2.4.3

cpe:2.3:a:infinitewp:infinitewp:2.4.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-9521

Products

Pricing

Contact Us