CVE-2012-10027
CriticalSummary
The WP-Property plugin for WordPress up to version 1.35.0 contains an unauthenticated file upload vulnerability in the `uploadify.php` script. A remote attacker can upload arbitrary PHP files to a temporary directory without authentication, leading to remote code execution.
Risk Assessment
This vulnerability poses a serious risk to organizations, allowing attackers to execute code remotely on the server, potentially leading to full system compromise.
Recommendation
It is recommended to update the WP-Property plugin to the latest version and monitor the server for unauthorized file uploads.
Original NVD description (English source)
WP-Property plugin for WordPress up to and including version 1.35.0 contains an unauthenticated file upload vulnerability in the third-party `uploadify.php` script. A remote attacker can upload arbitrary PHP files to a temporary directory without authentication, leading to remote code execution.

