CVE-2012-3577
published 2012-06-17

Priority: P2 (64, high)
CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Flags: EXPLOIT
EPSS: 12.96% (95.8th percentile)
Unrestricted file upload vulnerability in doupload.php in the Nmedia Member Conversation plugin before 1.4 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/user_uploads.

Affected (3 ranges)

Vendor | Product | Version range | Fixed in
nmedia | member_conversation | <= 1.3 |
nmedia | member_conversation | |
nmedia | member_conversation | |

Detection & IOCs (extracted from sources)

path: wp-content/uploads/user_uploads/
url: http://www.exemple.com/wordpress/wp-content/uploads/user_uploads/test/lo.php
filename: doupload.php
  • Monitor for POST requests to doupload.php containing files with executable extensions (e.g., .php, .php5, .phtml)
  • Alert on direct HTTP GET requests to files under wp-content/uploads/user_uploads/ with executable extensions (.php, etc.), indicating post-upload webshell access
  • The exploit uses a 'folder' POST parameter (e.g., /test/) alongside the uploaded file; inspect multipart form-data submissions to doupload.php for this parameter pattern
  • Vulnerability affects Nmedia WordPress Member Conversation plugin version 1.35.0 and potentially other versions prior to 1.4; confirm the plugin version before applying detections
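The two log-based detections above (POSTs to doupload.php, and direct GETs for executable files under wp-content/uploads/user_uploads/) as an added example that is not part of this record or the plugin: it parses combined-format access-log lines (an assumption about the log format), raises a medium alert on either pattern alone, and a high alert when the same client fetches an executable file from user_uploads shortly after an upload POST. PLUGIN_DIR in the constructed sample is a placeholder, since the record does not give the plugin's directory name.

```python
import re
from datetime import datetime

# Executable extensions from the detection bullets above; the list is an assumption,
# extend it to whatever the web server actually hands to a script interpreter.
EXEC_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.IGNORECASE)
UPLOAD_DIR = "/wp-content/uploads/user_uploads/"
# Combined (Apache/Nginx style) access-log line; assumption about the log format.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')

def parse(line):
    """Return a dict for one access-log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return ev

def detect(lines, window_s=600):
    """Return a list of (severity, ip, reason). A GET for an executable file under
    user_uploads is 'high' when the same client POSTed to doupload.php within window_s."""
    alerts, last_upload = [], {}   # last_upload: ip -> time of latest upload POST
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        ip, path = ev["ip"], ev["path"].split("?")[0].lower()
        if ev["method"] == "POST" and path.endswith("/doupload.php"):
            last_upload[ip] = ev["ts"]
            alerts.append(("medium", ip, "POST to doupload.php"))
        elif ev["method"] == "GET" and UPLOAD_DIR in path and EXEC_EXT.search(path):
            prior = last_upload.get(ip)
            recent = prior is not None and (ev["ts"] - prior).total_seconds() <= window_s
            sev = "high" if recent else "medium"
            alerts.append((sev, ip, "executable fetched from user_uploads: " + ev["path"]))
    return alerts

# Constructed sample traffic (not real logs); PLUGIN_DIR is a placeholder for the
# plugin's directory name, which the record does not give.
SAMPLE_LOG = [
    '203.0.113.5 - - [17/Jun/2012:10:00:01 +0000] "POST /wp-content/plugins/PLUGIN_DIR/doupload.php HTTP/1.1" 200 512',
    '203.0.113.5 - - [17/Jun/2012:10:00:09 +0000] "GET /wp-content/uploads/user_uploads/test/lo.php HTTP/1.1" 200 33',
    '198.51.100.7 - - [17/Jun/2012:11:30:00 +0000] "GET /wp-content/uploads/user_uploads/test/photo.jpg HTTP/1.1" 200 20481',
    '198.51.100.9 - - [17/Jun/2012:12:00:00 +0000] "GET /wp-content/uploads/user_uploads/x/shell.phtml HTTP/1.1" 404 0',
]
if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(*alert)
```

Access logs do not show the multipart body, so the 'folder' parameter check in the third bullet needs request-body inspection at the WAF or application layer rather than this log pass.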

CVSS provenance

nvd: v2.0 7.5 HIGH (AV:N/AC:L/Au:N/C:P/I:P/A:P)
vendor_redhat: 4.3 MEDIUM