CVE-2012-3577
Published 2012-06-17
Priority P2 (64) · Severity high · CVSS 2.0 base score 7.5 · Vector AV:N/AC:L/Au:N/C:P/I:P/A:P
Exploit: public exploit available (see references)
EPSS: 12.96% (95.8th percentile)
Unrestricted file upload vulnerability in doupload.php in the Nmedia Member Conversation plugin before 1.4 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/user_uploads.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nmedia | member_conversation | <= 1.3 | — |
| nmedia | member_conversation | — | — |
| nmedia | member_conversation | — | — |
Detection & IOCs (extracted from sources)
- Monitor for POST requests to doupload.php that carry files with executable extensions (e.g. .php, .php5, .phtml).
- Alert on direct HTTP GET requests to files under wp-content/uploads/user_uploads/ with executable extensions (.php, etc.); such a request indicates post-upload webshell access.
- The public exploit sends a 'folder' POST parameter (e.g. /test/) alongside the uploaded file; inspect multipart form-data submissions to doupload.php for this parameter pattern.
- The vulnerability is confirmed in Nmedia WordPress Member Conversation plugin version 1.35.0 and potentially affects other versions prior to 1.4; confirm the installed plugin version before applying detections.
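As an added example (not from the advisory or the plugin's own code), a small Python scanner that applies the first two detection notes to web-server access logs and correlates them per client, so that a POST to doupload.php followed by a GET of an executable file under user_uploads/ from the same address is reported as an upload-then-execute sequence. The sample log lines and the plugin directory in the POST path are constructed assumptions; the rule only keys on the doupload.php basename.

```python
import re

# Executable extensions listed in the detection notes for this CVE.
EXEC_EXTS = (".php", ".php5", ".phtml")
UPLOAD_DIR = "/wp-content/uploads/user_uploads/"

# Minimal combined-log parser: client IP, method, request target, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (RFC 5737 documentation addresses); the plugin directory
# in the POST path is an assumption, the rule only looks at the doupload.php basename.
SAMPLE_LOG = """\
203.0.113.5 - - [17/Jun/2012:10:01:02 +0000] "POST /wp-content/plugins/wordpress-member-private-conversation/doupload.php HTTP/1.1" 200 512
203.0.113.5 - - [17/Jun/2012:10:01:09 +0000] "GET /wp-content/uploads/user_uploads/test/shell.php?cmd=id HTTP/1.1" 200 87
198.51.100.9 - - [17/Jun/2012:10:02:00 +0000] "GET /wp-content/uploads/user_uploads/alice/photo.jpg HTTP/1.1" 200 20481
198.51.100.9 - - [17/Jun/2012:10:03:00 +0000] "GET /wp-content/uploads/user_uploads/alice/notes.phtml HTTP/1.1" 404 210
"""


def scan_access_log(log_text):
    """Return (ip, finding, status, target) tuples for lines matching the detection notes:
    upload_endpoint_post (POST to doupload.php), webshell_access (GET of an executable
    file under user_uploads/), upload_then_execute (that GET from a client seen uploading)."""
    findings = []
    uploaders = set()  # clients that POSTed to the upload handler earlier in the log
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined-log format
        ip, method, target, status = m.group("ip", "method", "target", "status")
        path = target.split("?", 1)[0]  # strip the query string before checking the extension
        if method == "POST" and path.endswith("/doupload.php"):
            uploaders.add(ip)
            findings.append((ip, "upload_endpoint_post", status, target))
        elif method == "GET" and path.startswith(UPLOAD_DIR) and path.lower().endswith(EXEC_EXTS):
            kind = "upload_then_execute" if ip in uploaders else "webshell_access"
            findings.append((ip, kind, status, target))
    return findings


if __name__ == "__main__":
    for finding in scan_access_log(SAMPLE_LOG):
        print(*finding)
```

A non-200 status on the GET (as in the last sample line) still counts as a finding, since a failed request for a .phtml under user_uploads/ is an access attempt worth reviewing.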
CVSS provenance
- NVD, CVSS v2.0: 7.5 HIGH (AV:N/AC:L/Au:N/C:P/I:P/A:P)
- Red Hat (vendor): 4.3 MEDIUM
No detection rules found.
References
- http://packetstormsecurity.org/files/113287/WordPress-Nmedia-WP-Member-Conversation-1.35.0-Shell-Upload.html
- http://secunia.com/advisories/49375
- http://wordpress.org/extend/plugins/wordpress-member-private-conversation/changelog/
- http://www.opensyscom.fr/Actualites/wordpress-plugins-nmedia-wordpress-member-conversation-shell-upload-vulnerability.html
- http://www.securityfocus.com/bid/53790
- https://exchange.xforce.ibmcloud.com/vulnerabilities/76076