logoWordPressPluginsThemesAPISubmitContact
search-icon
logo
search-icon
WordPressPluginsThemesAPISubmitContactSecurity Scanner
Register

Helios Solutions Brand Logo Slider <= 2.1 - Authenticated Arbitrary File Upload

Description

An Authenticated user (admin+) can bypass the security check of the plugin and upload arbitrary files via the Brand Logo.

Proof of Concept

The PoC will be displayed once the issue has been remediated

Affects Plugins

hs-brand-logo-slider

No known fix - plugin closed

References

ExploitDB

48913

Classification

Type

UPLOAD

CWE

CWE-434

Miscellaneous

Original Researcher

Net-Hunter

Verified

Yes

WPVDB ID

3aab3cab-13bf-4423-a2d3-e23dbc71c5c2

Timeline

Publicly Published

2020-10-21 (about 1 years ago)

Added

2020-10-21 (about 1 years ago)

Last Updated

2020-11-03 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin