WP Symposium <= 14.11 – Unauthenticated Shell Upload | CVE 2014-10021

Affects Plugins

wp-symposium

No known fix

References

CVE

CVE-2014-10021

Exploitdb

35543

Exploitdb

35778

URL

exploit/unix/webapp/wp_symposium_shell_upload

URL

https://packetstormsecurity.com/files/#129884/

URL

https://www.homelab.it/index.php/2014/12/11/wordpress-wp-symposium-shell-upload/

URL

https://blog.sucuri.net/2014/12/wp-symposium-zero-day-vulnerability-dangers.html

Miscellaneous

Submitter

Claudio Viviani

Submitter website

http://www.homelab.it

Submitter twitter

homelabit

Verified

Yes

WPVDB ID

2e454393-a36d-4b24-9b9e-603f5efddfb0

Timeline

Publicly Published

2014-12-11 (about 11 years ago)

Added

2014-12-11 (about 11 years ago)

Last Updated

2020-04-15 (about 6 years ago)

Other

Published

Title

Published

2024-01-09

Title

Customer Reviews for WooCommerce < 5.38.10 - Author+ Arbitrary File Upload

Published

2024-04-01

Title

EnvíaloSimple: Email Marketing y Newsletters < 2.4 - Arbitrary File Upload via CSRF

Published

2025-06-12

Title

MapSVG < 8.7.4 - Contributor+ Arbitrary File Upload

Published

2019-06-06

Title

Crelly Slider <= 1.3.4 - Arbitrary File Upload

Published

2021-06-28

Title

SP Project & Document Manager < 4.24 - Subscriber+ Shell Upload