CVE-2013-1916

In WordPress Plugin User Photo 0.9.4, when a photo is uploaded, it is only partially validated and it is possible to upload a backdoor on the server hosting WordPress. This backdoor can be called (executed) even if the photo has not been yet approved.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
VendorProductVersion
user_photo_projectuser_photo
0.9.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://plugins.trac.wordpress.org/changeset/347137
https://wordpress.org/plugins/user-photo/#developers
https://www.exploit-db.com/exploits/16181
https://plugins.trac.wordpress.org/changeset/347137
https://wordpress.org/plugins/user-photo/#developers
https://www.exploit-db.com/exploits/16181