CVE-2012-10027

Summary

WP-Property plugin for WordPress up to and including version 1.35.0 contains an unauthenticated file upload vulnerability in the third-party uploadify.php script. A remote attacker can upload arbitrary PHP files to a temporary directory without authentication, leading to remote code execution.

Affected Software

VendorProductVersion RangeStatus
WP-PropertyWordPress Plugin0 <= 1.35.0affected

Weaknesses

  • CWE-434: CWE-434 Unrestricted Upload of File with Dangerous Type

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: total

Additional References

References