Vulnerability: System compromise in WordPress Clockstone

Severity: High
Patch available: Yes
Number of vulnerabilities: 1

Attack vector: Remote
Impact: System Compromise

Affected products: WordPress Clockstone Theme 1.x

Affected versions: WordPress Clockstone 1.2, perhaps the only one.

Description:

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability is caused by insufficient validation of uploaded files in the script wp-content/themes/clockstone/theme/functions/upload.php. A remote user can upload a file containing PHP code and execute it on the system with the privileges of the web server.