CVE-2014-10021
published 2015-01-13

Priority: P1 (81, high)
CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
VulnCheck KEV: exploited in the wild (ITW exploit)
EPSS: 59.97% (99.0th percentile)
Unrestricted file upload vulnerability in UploadHandler.php in the WP Symposium plugin 14.11 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in server/php/.

Affected (1 range)

Vendor          Product        Version range   Fixed in
wpsymposiumpro  wp_symposium

Detection & IOCs (extracted from sources)

Paths:
  /wp-content/plugins/wp-symposium/server/php/
  /wp-symposium/server/php/index.php
  /wp-symposium/server/php/UploadHandler.php
  /wp-symposium/mobile-files/server/php/
  /wp-symposium/server/file_upload_form.php
  • Monitor POST requests to /wp-content/plugins/wp-symposium/server/php/index.php — this endpoint performs no extension validation and accepts arbitrary file uploads including .php files.
  • Detect multipart upload requests containing the boundary string '----------lImIt_of_THE_fIle_eW_$' as a signature of the public exploit tool.
  • Alert on POST requests to the wp-symposium server/php path that include a 'files[]' field with a .php filename — this is the direct shell upload vector.
  • After upload, attackers make a direct GET request to the uploaded .php file under the wp-symposium server/php directory to execute it — monitor for GET requests to .php files in that path.
  • Use Google dork 'index of "wp-symposium"' to identify exposed WordPress installations running the vulnerable plugin for proactive scanning.
  • The Metasploit module checks for plugin version < 14.12 via the readme; flag installations of wp-symposium at version 14.11 or earlier.
  • The same vulnerable unprotected upload endpoint also exists under the mobile-files path; detection rules must cover both /server/php/ and /mobile-files/server/php/.
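A log-correlation check for the two-step pattern the notes above describe (a POST to the unprotected upload endpoint followed by a direct GET of a .php file in the same directory, on both the main and mobile-files paths). This is an added example for this page, not the plugin's or any vendor's code; the access-log format and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Added detection helper for this page (hypothetical, not vendor code).
# Upload endpoints named in the record: the main and mobile-files copies.
UPLOAD_ENDPOINTS = (
    "/wp-content/plugins/wp-symposium/server/php/index.php",
    "/wp-content/plugins/wp-symposium/mobile-files/server/php/index.php",
)
# Directories from which an uploaded file would be fetched directly.
UPLOAD_DIRS = tuple(e[: -len("index.php")] for e in UPLOAD_ENDPOINTS)
# Apache/nginx "combined" access-log line (the constructed samples use it).
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def parse(line):
    # Return the parsed fields of one access-log line, or None if it does not match.
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def find_upload_then_execute(lines):
    """Return (ip, path) pairs where a client POSTed to the unprotected upload
    endpoint and later fetched a .php file (other than index.php) from the same
    directory, the two-step pattern described in the detection notes."""
    posted = defaultdict(bool)  # ip -> seen a POST to an upload endpoint
    hits = []
    for line in lines:
        r = parse(line)
        if not r:
            continue
        path = r["path"].split("?", 1)[0]  # ignore any query string
        if r["method"] == "POST" and path in UPLOAD_ENDPOINTS:
            posted[r["ip"]] = True
        elif (r["method"] == "GET" and path.lower().endswith(".php")
              and path not in UPLOAD_ENDPOINTS and posted[r["ip"]]
              and any(path.startswith(d) for d in UPLOAD_DIRS)):
            hits.append((r["ip"], path))
    return hits

# Constructed sample log lines (not real traffic): one upload-then-fetch pair,
# one harmless GET of the endpoint itself, one unrelated request.
SAMPLE_LOG = [
    '203.0.113.5 - - [13/Jan/2015:10:00:01 +0000] "POST /wp-content/plugins/wp-symposium/server/php/index.php HTTP/1.1" 200 57 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [13/Jan/2015:10:00:03 +0000] "GET /wp-content/plugins/wp-symposium/server/php/uploaded.php HTTP/1.1" 200 11 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [13/Jan/2015:10:01:00 +0000] "GET /wp-content/plugins/wp-symposium/server/php/index.php HTTP/1.1" 200 20 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [13/Jan/2015:10:02:00 +0000] "GET /index.php HTTP/1.1" 200 1234 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, path in find_upload_then_execute(SAMPLE_LOG):
        print(f"ALERT upload-then-execute from {ip}: {path}")
```

The check only needs method, path and client address, so it runs on ordinary web-server access logs; the multipart boundary and files[] signatures from the notes need a WAF or proxy log that records request bodies.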

CVSS provenance

NVD (CVSS 2.0): 7.5 HIGH, AV:N/AC:L/Au:N/C:P/I:P/A:P
VulnCheck: 7.5 HIGH