Vigil@nce - WordPress Complete Gallery Manager: file upload
October 2013 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can upload a malicious file to WordPress Complete
Gallery Manager, for example a file containing PHP code.
Impacted products: WordPress Plugins
Severity: 2/4
Creation date: 19/09/2013
DESCRIPTION OF THE VULNERABILITY
The WordPress Complete Gallery Manager plugin is used to manage
multimedia documents.
However, it does not check the extension of uploaded files.
An attacker can therefore upload a malicious file to WordPress
Complete Gallery Manager, for example a file containing PHP
code.
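The missing check described above, sketched as an extension allowlist for an upload handler. This is an added example, not code from the plugin or from the bulletin; the function name, the allowlist and the sample filenames are assumptions.

```php
<?php
// Added illustration: extension allowlist for an upload handler.
// safe_upload_name(), both lists and the sample names are assumptions, not plugin code.

const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif'];
// Extensions a web server may pass to an interpreter, even when not last in the name.
const EXECUTABLE_EXTENSIONS = ['php', 'php3', 'php4', 'php5', 'php7', 'phtml', 'phar', 'pht', 'cgi', 'pl'];

/** Returns a safe stored filename for an upload, or null if it must be rejected. */
function safe_upload_name(string $clientName): ?string
{
    // Reject control characters (including NUL) before any other processing.
    if (preg_match('/[\x00-\x1f]/', $clientName)) {
        return null;
    }
    // Drop any path component supplied by the client.
    $name = basename(str_replace('\\', '/', $clientName));
    // Trailing dots and spaces are stripped by some filesystems, changing the extension.
    $name = rtrim($name, '. ');
    $parts = explode('.', strtolower($name));
    if (count($parts) < 2 || $parts[0] === '') {
        return null; // no extension, or a dotfile such as .htaccess
    }
    $ext = array_pop($parts);
    if (!in_array($ext, ALLOWED_EXTENSIONS, true)) {
        return null; // the check the bulletin reports as missing
    }
    // Reject names like "shell.php.jpg": some server setups act on inner extensions.
    array_shift($parts); // skip the base name
    foreach ($parts as $inner) {
        if (in_array($inner, EXECUTABLE_EXTENSIONS, true)) {
            return null;
        }
    }
    // Store under a random name so the client never controls the path on disk.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample filenames.
$samples = ['photo.JPG', 'shell.php', 'shell.php.jpg', 'image.png.', '.htaccess', "a.php\0.png"];
foreach ($samples as $n) {
    $verdict = safe_upload_name($n) === null ? 'rejected' : 'accepted';
    printf("%-20s => %s\n", json_encode($n), $verdict);
}
```

An extension allowlist complements, and does not replace, disabling script execution in the upload directory.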
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/WordPress-Complete-Gallery-Manager-file-upload-13447