CVE Catalog

CVE-2018-25335

Critical
Published: Translated: NVD NIST

Summary

The WordPress Plugin Peugeot Music version 1.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the upload.php endpoint. Attackers can upload files with arbitrary extensions by manipulating the 'name' parameter.

Risk Assessment

This vulnerability poses a serious security risk, allowing attackers to execute malicious code on the server, potentially leading to system compromise.

Recommendation

It is recommended to update the plugin to the latest version or remove it to mitigate the risks associated with this vulnerability.

Original NVD description (English source)

WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the upload.php endpoint. Attackers can upload files with arbitrary extensions by manipulating the 'name' parameter to execute code from the uploads directory.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS