CVE-2014-10021

EXPLOITED

Wpsymposiumpro WP Symposium - Unrestricted File Upload

Title source: rule

Description

Unrestricted file upload vulnerability in UploadHandler.php in the WP Symposium plugin 14.11 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in server/php/.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotephp

https://www.exploit-db.com/exploits/35778

View Code ZIP pw:eip

exploitdb WORKING POC

by Claudio Viviani · pythonwebappsphp

https://www.exploit-db.com/exploits/35543

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by Claudio Viviani, rastating · rubypocphp

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/wp_symposium_shell_upload.rb

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory, VDB Entry] http://www.exploit-db.com/exploits/35543

[Broken Link] http://www.securityfocus.com/bid/71686

Scores

EPSS 0.7845

EPSS Percentile 99.0%

Details

VulnCheck KEV 2014-12-30

Status published

Products (1)

wpsymposiumpro/wp_symposium 14.11

Published Jan 13, 2015

Tracked Since Feb 18, 2026