Vulnerabilities and security researches forpremium-seo-pack-light-version premium-seo-pack-light-version

Jun 06, 2024

CVE, Research URL: af828e4140f0a41b14b20395e5a6db7eedd6f57d
Home page URL: Security reports for Premium Seo Pack – Light Version
Application: Premium Seo Pack – Light Version
Date: May 01, 2015
Research Description: Premium Seo Pack – Light Version [premium-seo-pack-light-version] <= 1.8.0 (unfixed) AA-Team Premium SEO Pack <= 1.8.0 - Local File Disclosure and Arbitrary File Upload The AA-Team Premium SEO Pack plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 1.8.0 via the 'file_content' parameter. This makes it possible for unauthenticated attackers that include the default connection key to upload arbitrary files like shell scripts that can be used to execute code on the server. The plugin is also vulnerable to Local File Disclosure via the 'file' parameter. This makes it possible for unauthenticated attackers who include the default connection key to read the contents of arbitrary files on the server, which can contain sensitive information.
Affected versions: Min -, max -.
Status: vulnerable