CVE-2014-10021

Date: January 13, 2015

Unrestricted file upload vulnerability in UploadHandler.php in the WP Symposium plugin 14.11 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in server/php/.

Language: PHP

Severity Score

Top Fix

Upgrade Version

Upgrade to version beats/beats-bundle - v0.1-alpha;snowcap/admin-bundle - v0.2.4;snowcap/admin-bundle - v1.0.0;snowcap/admin-bundle - no_fix;snowcap/admin-bundle - 0.2.0.x-dev;snowcap/admin-bundle - dev-security;aryaduta/metronic-bundle - no_fix;procoders/admin - 1.0.0;page/page - no_fix;ucs/richui - dev-3.0-dev;uneak/flatskin-bundle - no_fix;maximus905/t4fork - no_fix;zveen/cms-bundle - no_fix;amintado/yii2-aprico-asset - no_fix;enhavo/enhavo - 0.7.x-dev;enhavo/enhavo - 0.6;fixwa/black-framework - no_fix;ec-cube/ec-cube - 3.0.0-beta4;twedoo/volcator - no_fix;envrin/apex - 1.0.1;jbouzekri/file-uploader-bundle - no_fix;joacub/zf-joacub-uploader-twb - no_fix;bunkerdb/jquery-file-upload - 9.11.2;hatframework/hat-resource-upload - v0.2.1;hatframework/hat-resource-upload - v0.2.4;hatframework/hat-resource-upload - v0.3.4;raalveco/scaffolding - no_fix;gerizal/core-module - dev-feature;gerizal/core-module - no_fix;gerizal/core-module - 1.1.0;sebardo/admin - no_fix;vicitech/vici-cms - no_fix;unarealidad/canarium-kernal-core - no_fix;izyue/yii2-app-advanced - no_fix;fandoq/crudgenerator - no_fix;astrnt/core-module - no_fix;invictus/cms-core - no_fix;kvdh/symfony-jquery-file-upload - no_fix;leapt/admin-bundle - no_fix;leapt/admin-bundle - v0.9.0;silvestra/jquery-file-upload - no_fix;diginova/yii2-metronic - 0.1RC;diginova/yii2-metronic - no_fix;apex/apex - 1.2.16;apex/apex - 1.4.1;blueimp/jquery-file-upload - 9.11.2;ryshkin/pup-bundle - no_fix;giperplan/ncms - no_fix;enhavo/assets-bundle - no_fix;coolms/jquery - no_fix;whitegolem/filehandler - no_fix;sfynx-project/template-theme-flatlab-bundle - no_fix;avectris/core-module - no_fix;itlized/jquery-file-upload - no_fix;hustshenl/yii2-metronic - no_fix;speedovation/laravelmart - no_fix;xpressengine/xpressengine - 3.0.0-dev4;twedoo/stone - no_fix;skeeks/yii2-template-smarty - 1.0.0;pr-of-it/t4 - no_fix;org.webjars.npm:github-com-gitana-alpaca:no_fix;org.webjars.npm:alpaca:no_fix

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): LOW

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): PARTIAL
Availability (A): PARTIAL