Multiple vulnerabilities in Plogger <= 1.0 RC1


An arbitrary file upload vulnerability and a CAPTCHA bypass vulnerability have been identified in Plogger <= 1.0 RC1.

Arbitrary File Upload

Plogger does not correctly handle ZIP files uploaded by an authenticated user and allows an attacker to upload a backdoor file in an accessible folder.

For more details, see the PDF document attached to this advisory.

**Access Vector**: remote

**Security Risk**: medium

**Vulnerability**: CWE-434

**CVE-ID**: CVE-2014-2223


CAPTCHA Bypass

The Plogger theme Lucid implements a CAPTCHA, but this implementation is prone to a replay attack. The script that generates the CAPTCHA image stores a code in the current user session, but this value is not unset when the form is processed. An attacker can therefore submit the form multiple times, always with the same CAPTCHA and associated code.

For more details, see the PDF document attached to this advisory.

**Access Vector**: remote

**Security Risk**: medium

**Vulnerability**: CWE-804

**CVE-ID**: CVE-2014-2224
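
The session handling behind the CAPTCHA replay, as an added example that is not Plogger's or the Lucid theme's code: a check that leaves the code in the session beside one that consumes it on every attempt. The session key name, the function names and the plain array standing in for `$_SESSION` are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

const CAPTCHA_KEY = 'captcha_code'; // hypothetical session key, not Plogger's

// Called by the image-generating script: store a fresh code in the session.
function captcha_issue(array &$session): string
{
    $code = strtoupper(bin2hex(random_bytes(3)));
    $session[CAPTCHA_KEY] = $code;
    return $code;
}

// Pattern described in the advisory: the code stays in the session after the
// form is processed, so one solved CAPTCHA keeps validating later submissions.
function captcha_check_replayable(array &$session, string $answer): bool
{
    return isset($session[CAPTCHA_KEY])
        && hash_equals($session[CAPTCHA_KEY], strtoupper($answer));
}

// Hardened pattern: the code is removed from the session on every attempt,
// whether the answer was right or wrong, so each code can be used only once.
function captcha_check_once(array &$session, string $answer): bool
{
    $expected = $session[CAPTCHA_KEY] ?? null;
    unset($session[CAPTCHA_KEY]); // single use: consume before comparing

    return is_string($expected)
        && $expected !== ''
        && hash_equals($expected, strtoupper($answer));
}

// Constructed demonstration: submit the same answer twice against each check.
$session = [];
$code = captcha_issue($session);
var_dump(captcha_check_replayable($session, $code)); // first submission
var_dump(captcha_check_replayable($session, $code)); // same code submitted again

$session = [];
$code = captcha_issue($session);
var_dump(captcha_check_once($session, $code)); // first submission
var_dump(captcha_check_once($session, $code)); // same code submitted again
```

In a real form handler the array would be `$_SESSION`, and a new code would be issued only when the CAPTCHA image is requested again.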

Affected versions

* Plogger <= 1.0 RC1


No fix will be available for these vulnerabilities: the vendor considers this software no longer maintained.


* 02/11/2014: vendor notified
* 02/21/2014: vendor answered that no fix will be made


* http://www.plogger.org/download/ (latest version)


* Bastien FAURE, Sysdream (b.faure -at- sysdream -dot- com)
* Damien CAUQUIL, Sysdream (d.cauquil -at- sysdream -dot- com)


* Website: http://www.sysdream.com
* Twitter: @sysdream