CVE-2017-6104
Published 2017-03-02
CVE-2017-6104: Remote file upload vulnerability in WordPress Plugin Mobile App Native 3.0.
Priority: P2 · 58 · High · CVSS 3.0 score: 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EXPLOIT
EPSS: 7.32% (93.6th percentile)
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zen_mobile_app_native_project | zen_mobile_app_native | <= 3.0 | — |
| zendkmobileapp | wordpress_plugin_mobile_app_native_3.0 | — | — |
Detection & IOCs (extracted from sources)
- Detect arbitrary file upload attempts targeting WordPress plugin directories via HTTP POST, followed by GET requests with the shell command query parameter '?alien='.
- Alert on HTTP GET requests containing the query parameter 'alien=' to files within /wp-content/plugins/; this is the webshell command execution pattern used by this exploit.
- The vulnerability is classified as CWE-434 (Unrestricted Upload of File with Dangerous Type); monitor for file uploads to the Mobile App Native plugin directory.
- The exploit targets the 'Zen App Mobile Native' WordPress plugin (version 3.0) via unauthenticated remote file upload; flag POST requests to plugin upload endpoints without authentication.
- The exploit script replaces 'http://example.com/' in the server response to reconstruct the uploaded shell's URL, suggesting the vulnerable plugin echoes back the upload path; response body inspection may aid detection.
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
| nvd | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
No detection rules found.
No writeups or analysis indexed.
References
- http://www.securityfocus.com/bid/96547
- http://www.vapidlabs.com/advisory.php?v=178
- https://wpvulndb.com/vulnerabilities/8743
- https://www.exploit-db.com/exploits/41540/
Published: 2017-03-02