CVE-2013-5963 | Vulnerability Database | Aqua Security

Unrestricted file upload vulnerability in multi.php in Simple Dropbox Upload plugin before 1.8.8.1 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/wpdb/.

Affected Software

Name	Vendor	Start Version	End Version
Simple_dropbox_upload_form	Cdsincdesign	*	1.8.8 (including)
Simple_dropbox_upload_form	Cdsincdesign	0.5.0 (including)	0.5.0 (including)
Simple_dropbox_upload_form	Cdsincdesign	1.0.0 (including)	1.0.0 (including)
Simple_dropbox_upload_form	Cdsincdesign	1.1.0 (including)	1.1.0 (including)
Simple_dropbox_upload_form	Cdsincdesign	1.1.1 (including)	1.1.1 (including)
Simple_dropbox_upload_form	Cdsincdesign	1.1.2 (including)	1.1.2 (including)
Simple_dropbox_upload_form	Cdsincdesign	1.2.0 (including)	1.2.0 (including)
Simple_dropbox_upload_form	Cdsincdesign	1.3.0 (including)	1.3.0 (including)
Simple_dropbox_upload_form	Cdsincdesign	1.3.1 (including)	1.3.1 (including)
Simple_dropbox_upload_form	Cdsincdesign	1.4.0 (including)	1.4.0 (including)
Simple_dropbox_upload_form	Cdsincdesign	1.5.0 (including)	1.5.0 (including)
Simple_dropbox_upload_form	Cdsincdesign	1.5.1 (including)	1.5.1 (including)
Simple_dropbox_upload_form	Cdsincdesign	1.5.2 (including)	1.5.2 (including)
Simple_dropbox_upload_form	Cdsincdesign	1.5.3 (including)	1.5.3 (including)
Simple_dropbox_upload_form	Cdsincdesign	1.6.0 (including)	1.6.0 (including)
Simple_dropbox_upload_form	Cdsincdesign	1.7.0 (including)	1.7.0 (including)
Simple_dropbox_upload_form	Cdsincdesign	1.8.0 (including)	1.8.0 (including)
Simple_dropbox_upload_form	Cdsincdesign	1.8.1 (including)	1.8.1 (including)
Simple_dropbox_upload_form	Cdsincdesign	1.8.2 (including)	1.8.2 (including)
Simple_dropbox_upload_form	Cdsincdesign	1.8.3 (including)	1.8.3 (including)
Simple_dropbox_upload_form	Cdsincdesign	1.8.4 (including)	1.8.4 (including)
Simple_dropbox_upload_form	Cdsincdesign	1.8.5 (including)	1.8.5 (including)
Simple_dropbox_upload_form	Cdsincdesign	1.8.6 (including)	1.8.6 (including)
Simple_dropbox_upload_form	Cdsincdesign	1.8.7 (including)	1.8.7 (including)

References

http://packetstormsecurity.com/files/123235
http://plugins.trac.wordpress.org/changeset?reponame=\u0026old=774214%40simple-dropbox-upload-form%2Ftrunk\u0026new=774214%40simple-dropbox-upload-form%2Ftrunk
http://secunia.com/advisories/54856
http://wordpress.org/plugins/simple-dropbox-upload-form/changelog
https://exchange.xforce.ibmcloud.com/vulnerabilities/87166
http://packetstormsecurity.com/files/123235
http://plugins.trac.wordpress.org/changeset?reponame=\u0026old=774214%40simple-dropbox-upload-form%2Ftrunk\u0026new=774214%40simple-dropbox-upload-form%2Ftrunk
http://secunia.com/advisories/54856
http://wordpress.org/plugins/simple-dropbox-upload-form/changelog
https://exchange.xforce.ibmcloud.com/vulnerabilities/87166

NVD	https://nvd.nist.gov/vuln/detail/CVE-2013-5963
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html