CVE-2012-10027
⚪ Do wiadomości
Luka w WP-Property umożliwia zdalne przesyłanie plików PHP bez uwierzytelnienia.
CVSS
0.0
EPSS
73.7%
Exploit
none
Vendor
Opis źródłowy (NVD)
WP-Property plugin for WordPress up to and including version 1.35.0 contains an unauthenticated file upload vulnerability in the third-party `uploadify.php` script. A remote attacker can upload arbitrary PHP files to a temporary directory without authentication, leading to remote code execution.
rce
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 0.0 |
| CISA KEV (aktywnie wykorzystywane) | Nie |
| FIRST EPSS (prawdopodobieństwo exploita) | 73.7% |
| Opublikowano (NVD) | 2025-08-05 20:15:33 UTC |
| Ostatnia modyfikacja (NVD) | 2026-05-26 14:16:21 UTC |
Referencje
- http://web.archive.org/web/20150103065650/http://www.opensyscom.fr:80/Actualites/wordpress-plugins-wp-property-shell-upload-vulnerability.html (disclosure@vulncheck.com)
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/wp_property_upload_exec.rb (disclosure@vulncheck.com)
- https://wordpress.org/plugins/wp-property/ (disclosure@vulncheck.com)
- https://www.exploit-db.com/exploits/18987 (disclosure@vulncheck.com)
- https://www.exploit-db.com/exploits/23651 (disclosure@vulncheck.com)
- https://www.vulncheck.com/advisories/wordpress-plugin-wp-property-php-file-upload (disclosure@vulncheck.com)