Zero-day Vulnerability Database

Change view

Zero-day vulnerabilities discovered: 1

Arbitrary file upload in WP Mobile detector

Arbitrary file upload

The vulnerability allows a remote attacker to upload arbitrary files to compromise the target system.

The weakness exists due to the failure to validate and sanitize input. A remote attacker can send a request toresize.php or timthumb.php inside the plugin directory with the backdoor URL that contains a PHP code.

Successful exploitation of the vulnerability may result in malicious files uploading and vulnerable system compromising.

Note: the vulnerability was being actively exploited.
i

Researchers at Sucuri said that attacks against WordPress sites running the plugin started on May 26.

Software: WP Mobile detector

Researchers at Sucuri said that attacks against WordPress sites running the plugin started on May 26.