ID CVE-2014-9308
Summary Unrestricted file upload vulnerability in inc/amfphp/administration/banneruploaderscript.php in the WP EasyCart (aka WordPress Shopping Cart) plugin before 3.0.9 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in products/banners/. CWE-434: Unrestricted Upload of File with Dangerous Type (http://cwe.mitre.org/data/definitions/434.html)
References
Vulnerable Configurations
  • cpe:2.3:a:wpeasycart:wp_easycart:1.1.30:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:1.1.31:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:1.1.32:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:1.1.33:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:1.1.34:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:1.1.35:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:1.1.36:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:1.2.0:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:1.2.1:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:1.2.2:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:1.2.3:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:1.2.4:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:1.2.5:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:1.2.6:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:1.2.7:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:1.2.8:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:1.2.9:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:1.2.10:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:1.2.11:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:1.2.12:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:1.2.13:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:1.2.14:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:1.2.15:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:1.2.16:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:2.0.1:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:2.0.1\@824267:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:2.0.2:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:2.0.3:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:2.0.4:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:2.0.5:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:2.0.6:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:2.0.7:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:2.0.8:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:2.0.9:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:2.0.10:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:2.0.11:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:2.0.12:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:2.0.13:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:2.0.14:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:2.0.15:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:2.0.16:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:2.0.17:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:2.0.18:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:2.0.19:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:2.0.20:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:2.0.21:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:2.0.22:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:2.1.0:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:2.1.1:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:2.1.2:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:2.1.3:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:2.1.4:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:2.1.5:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:2.1.6:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:2.1.7:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:2.1.8:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:2.1.9:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:2.1.10:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:2.1.11:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:2.1.12:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:2.1.13:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:2.1.14:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:2.1.15:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:2.1.16:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:2.1.17:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:2.1.18:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:2.1.19:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:2.1.20:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:2.1.21:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:2.1.22:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:2.1.23:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:2.1.24:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:2.1.25:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:2.1.26:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:2.1.27:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:2.1.28:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:2.1.29:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:2.1.30:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:2.1.31:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:2.1.32:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:2.1.33:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:2.1.34:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:2.1.35:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:2.1.36:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:3.0.0:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:3.0.1:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:3.0.2:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:3.0.3:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:3.0.4:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:3.0.5:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:3.0.6:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:3.0.7:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpeasycart:wp_easycart:3.0.8:*:*:*:*:wordpress:*:*
CVSS
Base: 6.5 (as of 16-01-2015 - 16:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: SINGLE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:P/A:P
refmap via4
bid 71983
confirm https://wordpress.org/plugins/wp-easycart/changelog/
exploit-db 35730
misc
osvdb 116806
Last major update 16-01-2015 - 16:29
Published 15-01-2015 - 15:59
Last modified 16-01-2015 - 16:29