Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 06 Mar 2017 12:32:30 -0500
From: "Larry W. Cashdollar" <larry0@...com>
To: Open Source Security <oss-security@...ts.openwall.com>
Subject: Remote file upload vulnerabilities in multiple wordpress plugins


Hello,

All of these plugins include unlicensed software developed by http://www.invedion.com/ that is vulnerable, I am unable to get 
more details from the vendor as to what the software name and version are and therefor can't issue a CVE for just
that software.  I've issued CVEs for the impacted plugins I know of:

CVE-2017-1002000
Remote file upload vulnerability in Wordpress Plugin mobile-friendly-app-builder-by-easytouch v3.0
Example: http://example.com/wordpress/wp-content/plugins/mobile-friendly-app-builder-by-easytouch/server/images.php
http://www.vapidlabs.com/advisory.php?v=179

CVE-2017-1002001
Remote file upload vulnerability in Wordpress Plugin mobile-app-builder-by-appress v1.05
Example: http://example.com/wordpress/wp-content/plugins/mobile-app-builder-by-wappress/server/images.php
http://www.vapidlabs.com/advisory.php?v=180

CVE-2017-1002002
Remote file upload vulnerability in Wordpress Plugin webapp-builder v2.0
Example: http://example.com/wordpress/wp-content/plugins/webapp-builder/server/images.php
http://www.vapidlabs.com/advisory.php?v=181


CVE-2017-1002003
Remote file upload vulnerability in Wordpress Plugin wp2android-turn-wp-site-into-android-app v1.1.4
Example: http://example.com/wordpress/wp-content/plugins/wp2android-turn-wp-site-into-android-app/server/images.php
http://www.vapidlabs.com/advisory.php?v=182

@muntopia provided an exploit for all of them here:
https://github.com/alienwithin/Scripts-Sploits/blob/master/zen_app_mobile_wp_rfu.py

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.