The WordPress plugin Complete Gallery Manager version 3.3.3 is vulnerable to arbitrary file upload which can lead to remote code execution after the uploading of PHP.
Exploitation
Stages
- The attacker sends an HTTP POST to upload-images.php of the vulnerable plugin.
- The server responds with JSON data containing a URI path to the uploaded file.
Prerequisites
The attacker is able to access the vulnerable PHP code directly without authentication.
Alert Logic Coverage
Alert Logic® has evaluated its customer base for exposure to the exploit and has developed signatures for mitigating the threat depending on the security service in place.
The Network-Based Intrusion Detection System (IDS) has been updated with the new signatures for this exploit when detected via Alert Logic Threat Manager™. If this signature is detected, an incident is generated in the Alert Logic console.
Recommendations for Mitigation
Upgrade your software to the latest non-vulnerable version.
Comments
0 comments
Please sign in to leave a comment.