CVE-2012-5318

Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with a double extension, then accessing it via a direct request to the file in the directory specified by the folder parameter.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1125.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
VendorProductVersion
kishore_asokankish_guest_posting_plugin
1.2
𝑥
= Vulnerable software versions
References
http://secunia.com/advisories/47688
http://www.openwall.com/lists/oss-security/2012/03/08/1
http://secunia.com/advisories/47688
http://www.openwall.com/lists/oss-security/2012/03/08/1