WordPress Clockstone Theme Arbitrary File Upload Vulnerability Network Vulnerability

Summary

The Clockstone Theme for WordPress is prone to an arbitrary file- upload vulnerability. An attacker can exploit this issue to upload arbitrary PHP code and run it in the context of the Web server process. This may facilitate unauthorized access or privilege escalation other attacks are also possible.

References

http://packetstormsecurity.org/files/118930/WordPress-Clockstone-Theme-File-Upload.html
http://packetstormsecurity.org/files/download/118930/clockstone-shell.pdf

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 9.7
AV:N/AC:L/Au:N/C:C/I:C/A:P

Related Vulnerabilities

Apache Axis2 Document Type Declaration Processing Security Vulnerability
Agora CGI Cross Site Scripting
AlstraSoft AskMe Pro 'forum_answer.php' and 'profile.php' Multiple SQL Injection Vulnerabilities
Baby Gekko CMS Multiple Vulnerabilities
Apple Safari RSS Feed Information Disclosure Vulnerability

Take action and discover your vulnerabilities