CVE-2015-10135
BaseFortify
Publication date: 2025-07-19
Last updated on: 2025-12-16
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| eoxia | wpshop_2 | to 1.3.9.6 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in the WPshop 2 β E-Commerce WordPress plugin versions before 1.3.9.6 is an arbitrary file upload flaw in the ajaxUpload function. Due to missing file type validation, unauthenticated attackers can upload arbitrary files, including malicious PHP scripts, to the server. This allows them to execute remote code on the affected site by accessing the uploaded files. The issue exists in the script includes/ajax.php and can be exploited by sending a specially crafted POST request with a file parameter to the vulnerable endpoint. [1]
How can this vulnerability impact me? :
This vulnerability can have severe impacts including allowing remote attackers to upload and execute malicious code on your server without authentication. This can lead to full compromise of the website and server, including data theft, defacement, unauthorized access, and disruption of services. The CVSS v3.1 score of 9.8 indicates a critical severity with high impact on confidentiality, integrity, and availability. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to upload a test PHP file to the vulnerable endpoint using a POST request. For example, you can use the following curl command to test if the server allows arbitrary file uploads via the ajaxUpload action: curl -X POST "http://<target>/wp-content/plugins/wpshop/includes/ajax.php?elementCode=ajaxUpload" -F "[email protected]" where test.php contains a simple PHP payload like '<?php phpinfo(); ?>'. If the file uploads successfully and is accessible via the web server, the vulnerability exists. Additionally, Metasploit has a module to automate this detection and exploitation. Monitoring network traffic for POST requests to 'includes/ajax.php' with the 'elementCode=ajaxUpload' parameter and file uploads can also help detect attempts to exploit this vulnerability. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the WPshop plugin to version 1.3.9.6 or later, which patches the arbitrary file upload vulnerability. This update includes improved file upload handling and input validation to prevent unauthorized uploads. Until the update can be applied, consider restricting access to the vulnerable ajax.php endpoint, for example by using web server rules or firewall rules to block unauthenticated POST requests to 'wp-content/plugins/wpshop/includes/ajax.php?elementCode=ajaxUpload'. [1, 3]