Intrusion PreventionWordPress.MM.Forms.Community.Plugin.Arbitrary.File.Upload
Description
This indicates an attack attempt to exploit a Remote File Inclusion vulnerability in MM Forms Community Plugin for WordPress.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application when handling uploaded files. A remote attacker can exploit this to upload arbitrary files and by making a direct request to the file, also execute the script file uploaded.
Affected Products
MM Forms Community plugin 2.2.5 and 2.2.6 for WordPress
Impact
System Compromise: Remote attackers can execute arbitrary script code in the context of the affected site.
Recommended Actions
Currently we are unaware of any vendor supplied patch or updates available for this issue.
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2019-02-01 | 14.540 | Name:Wordpress. MM. Forms. Community. Plugin. Arbitrary. File. Upload:WordPress. MM. Forms. Community. Plugin. Arbitrary. File. Upload |
References
http://www.exploit-db.com/exploits/18997/| ID | 34831 |
| Created | Mar 26, 2013 |
| Updated | Sep 04, 2023 |
| Risk |
|
| CVE ID | CVE-2012-3574 |
| Exploit Prediction Score | 27.1% |
| Default Action | drop |
| Active | |
| Affected OS | Windows, Linux, BSD, Solaris, MacOS |
| Affected App | PHP_app |