CVE Catalog

CVE-2012-10027

Critical
Published: Translated: NVD NIST

Summary

The WP-Property plugin for WordPress up to version 1.35.0 contains an unauthenticated file upload vulnerability in the `uploadify.php` script. A remote attacker can upload arbitrary PHP files to a temporary directory without authentication, leading to remote code execution.

Risk Assessment

This vulnerability poses a serious risk to organizations, allowing attackers to execute code remotely on the server, potentially leading to full system compromise.

Recommendation

It is recommended to update the WP-Property plugin to the latest version and monitor the server for unauthorized file uploads.

Original NVD description (English source)

WP-Property plugin for WordPress up to and including version 1.35.0 contains an unauthenticated file upload vulnerability in the third-party `uploadify.php` script. A remote attacker can upload arbitrary PHP files to a temporary directory without authentication, leading to remote code execution.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS