Unrestricted File Upload Vulnerability in CformsII Plugin for WordPress
CVE-2014-9473

Currently unrated

Key Information:

Vendor: Wordpress
Status: Cformsii
Vendor: CVE Published:; 8 January 2015

Summary

The CformsII plugin for WordPress allows for unrestricted file uploads due to a vulnerability in lib_nonajax.php. This flaw enables remote attackers to execute arbitrary code by uploading files with executable extensions through the cf_uploadfile2[] parameter. Once the file is uploaded to the default directory, attackers can access it directly, leading to potential exploitation and unauthorized control over the affected system. Users of the CformsII plugin should take immediate action to mitigate this risk.

References

https://wordpress.org/plugins/cforms2/changelog/

x_refsource_CONFIRM

http://www.securityfocus.com/archive/1/534349/30/0/threaded

mailing-listx_refsource_BUGTRAQ

EPSS Score

39% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 8, 2015
Vulnerability Reserved
Jan 3, 2015