CVE-2014-9308
published 2015-01-15

CVE-2014-9308: Unrestricted file upload vulnerability in inc/amfphp/administration/banneruploaderscript.php in the WP EasyCart (aka WordPress Shopping Cart) plugin before…

Priority: P2 · 62 · medium
CVSS 2.0: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Exploit: available
EPSS: 51.62% (98.8th percentile)
Unrestricted file upload vulnerability in inc/amfphp/administration/banneruploaderscript.php in the WP EasyCart (aka WordPress Shopping Cart) plugin before 3.0.9 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in products/banners/.

Affected

1 range
Vendor       Product       Version range   Fixed in
wpeasycart   wp_easycart   <= 3.0.8        3.0.9

Detection & IOCs (extracted from sources)

path: /inc/amfphp/administration/banneruploaderscript.php
path: products/banners/
  • Monitor for multipart/form-data POST requests to /inc/amfphp/administration/banneruploaderscript.php whose uploaded file carries an executable extension (e.g., .php).
  • Alert on GET requests for files with executable extensions (e.g., .php) under products/banners/; such a request indicates the uploaded payload is being executed.
  • Flag authentication attempts using the default credential pair 'demouser'/'demouser' against WP EasyCart installations; the sources cite this default account as the one used by attackers.
  • In versions <= 3.0.8, any authenticated WordPress user of any role can exploit this vulnerability, so monitor all authenticated POST requests to the uploader endpoint, not just those from admin accounts.
  • Exploitation requires authentication. In versions <= 3.0.8, any WordPress role suffices; in later vulnerable versions (still before 3.0.9), a valid EasyCart admin password is required.
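The first two detection rules above can be run over ordinary web-server access logs. The following is an added example written for this page, not code from the plugin or from the cited sources: it parses combined-format log lines, flags POSTs to the uploader script and GETs of executable files under products/banners/, and correlates both events per client IP. The log lines are constructed, and the plugin path prefix /wp-content/plugins/wp-easycart/ and the exact set of executable extensions are assumptions. Access logs do not record Content-Type, so every POST to the endpoint is treated as an upload attempt rather than only multipart ones.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Combined log format: host ident user [time] "method path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

UPLOADER = "/inc/amfphp/administration/banneruploaderscript.php"
BANNER_DIR = "/products/banners/"
# Assumed set of extensions a typical PHP web server would execute when the
# file is requested directly from the banner directory.
EXEC_EXT = {".php", ".php3", ".php4", ".php5", ".phtml", ".phar"}


@dataclass
class Finding:
    ip: str
    kind: str       # "upload_attempt" or "payload_request"
    path: str
    status: int


def _exts(path: str) -> set:
    """All extensions in the final path segment, lower-cased, so that
    double-extension tricks like shell.php.jpg (executed by Apache when
    AddHandler is misconfigured) are still caught."""
    name = path.rsplit("/", 1)[-1]
    return {"." + p for p in name.lower().split(".")[1:]}


def analyze_line(line: str) -> Optional[Finding]:
    """Return a Finding for one access-log line, or None if it is benign."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, method, status = m["ip"], m["method"], int(m["status"])
    path = m["path"].split("?", 1)[0]          # drop the query string
    # Rule 1: any POST to the banner uploader script.
    if method == "POST" and path.endswith(UPLOADER):
        return Finding(ip, "upload_attempt", path, status)
    # Rule 2: direct GET of an executable file under products/banners/.
    if method == "GET" and BANNER_DIR in path and EXEC_EXT & _exts(path):
        return Finding(ip, "payload_request", path, status)
    return None


def analyze(lines: Iterable[str]) -> List[Finding]:
    return [f for f in (analyze_line(l) for l in lines) if f is not None]


def correlate(findings: Iterable[Finding]) -> List[str]:
    """IPs that both hit the uploader and then requested a payload: the
    strongest signal that the upload succeeded and was executed."""
    by_ip = {}
    for f in findings:
        by_ip.setdefault(f.ip, set()).add(f.kind)
    return sorted(ip for ip, kinds in by_ip.items()
                  if {"upload_attempt", "payload_request"} <= kinds)


# Constructed sample log; the plugin path prefix is an assumption.
SAMPLE_LOG = """\
203.0.113.5 - - [16/Jan/2015:10:01:02 +0000] "POST /wp-content/plugins/wp-easycart/inc/amfphp/administration/banneruploaderscript.php HTTP/1.1" 200 41 "-" "Mozilla/5.0"
203.0.113.5 - - [16/Jan/2015:10:01:05 +0000] "GET /wp-content/plugins/wp-easycart/products/banners/shell.php?cmd=id HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [16/Jan/2015:10:02:00 +0000] "GET /wp-content/plugins/wp-easycart/products/banners/promo.jpg HTTP/1.1" 200 8822 "-" "Mozilla/5.0"
198.51.100.9 - - [16/Jan/2015:10:03:00 +0000] "GET /wp-login.php HTTP/1.1" 200 3000 "-" "curl/7.38"
"""

if __name__ == "__main__":
    found = analyze(SAMPLE_LOG.splitlines())
    for f in found:
        print(f"{f.ip} {f.kind} {f.path} ({f.status})")
    print("likely compromised by:", correlate(found))
```

A 200 status on the payload_request line is the one to escalate first: it means the web server executed or served the file. A 404 on the same path still shows the attacker's intent and is worth keeping as an upload_attempt-plus-probe pair.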