Description
org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
Remediation
References
Related Vulnerabilities
PHP Improper Input Validation Vulnerability (CVE-2007-4784)
WordPress Plugin Motors-Car Dealer & Classified Ads Multiple Vulnerabilities (1.4.0)
WordPress 4.6.x Cross-Domain Flash Injection Vulnerability (4.6 - 4.6.9)
WordPress Plugin Contus HD FLV Player 'uploadVideo.php' Arbitrary File Upload (1.7)
WordPress Plugin Pods-Custom Content Types and Fields Multiple Vulnerabilities (2.4.3)