System compromise in WordPress Clockstone

Posted: December 24, 2012 in Vulnerabilities

Vulnerability: System compromise in WordPress Clockstone

Danger: High
Patch available: Yes
Number of vulnerabilities: 1

Attack vector: Remote
Impact: System Compromise

Affected products: WordPress Clockstone Theme 1.x

Affected versions: WordPress Clockstone 1.2, perhaps the only affected version.

Description:

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability is caused by insufficient validation of uploaded files in the script wp-content/themes/clockstone/theme/functions/upload.php. A remote user can upload a file containing PHP code and execute it on the system with the privileges of the web server.

Manufacturer URL: http://themeforest.net/item/clockstone-ultimate-wordpress-theme/306607

Solution: Install the update from the manufacturer.

Links:

http://www.attack-scanner.com/security/clockstone-and-other-various-cmsmasters-themes-flaw-patched/
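To check whether the upload script described above has been reached on a site, the following added example (not part of the original advisory or the theme's code) scans web server access logs for POST requests to it and lists later requests from the same client for PHP files under wp-content. It assumes the Apache/nginx combined log format; the follow-up rule is a heuristic, since the advisory does not say where uploaded files are stored, and the sample log lines are constructed.

```python
import re
from urllib.parse import unquote

# Path of the vulnerable script, as named in the advisory.
UPLOAD_SCRIPT = "/wp-content/themes/clockstone/theme/functions/upload.php"

# Assumption: logs use the Apache/nginx "combined" format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+)[^"]*" (?P<status>\d{3}) '
)

def normalise(uri):
    """Strip the query string, URL-decode and collapse repeated slashes."""
    return re.sub(r"/{2,}", "/", unquote(uri.split("?", 1)[0]))

def find_upload_activity(lines):
    """Map client IP -> POSTs to the upload script and later .php requests."""
    findings = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, path = m["ip"], normalise(m["uri"])
        event = (m["ts"], path, int(m["status"]))
        is_upload = path.endswith(UPLOAD_SCRIPT)  # also matches sub-directory installs
        if m["method"] == "POST" and is_upload:
            findings.setdefault(ip, {"posts": [], "followups": []})["posts"].append(event)
        elif ip in findings and not is_upload and "/wp-content/" in path and path.endswith(".php"):
            # Heuristic: same client later requests a PHP file under wp-content.
            findings[ip]["followups"].append(event)
    return findings

# Constructed sample log lines (documentation IP ranges, hypothetical file names).
SAMPLE_LOG = [
    '198.51.100.7 - - [24/Dec/2012:10:01:12 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [24/Dec/2012:10:02:03 +0000] "POST /wp-content/themes/clockstone/theme/functions/upload.php HTTP/1.1" 200 48 "-" "-"',
    '203.0.113.9 - - [24/Dec/2012:10:02:09 +0000] "GET /wp-content/uploads/2012/12/sample.php HTTP/1.1" 200 31 "-" "-"',
    '198.51.100.7 - - [24/Dec/2012:10:03:40 +0000] "GET /wp-content/themes/clockstone/style.css HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, info in find_upload_activity(SAMPLE_LOG).items():
        print(ip, "POSTs:", info["posts"], "follow-ups:", info["followups"])
```

A POST that returned 200 on an unpatched install, followed by a follow-up hit, warrants a file-system review of the site; POSTs alone show that the script is being probed.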
