=============================================
Multiple vulnerabilities in Plogger <= 1.0RC1
=============================================

Description
===========

An arbitrary file upload vulnerability and a CAPTCHA bypass vulnerability have been identified in Plogger <= 1.0 RC1.

Arbitrary File Upload
=====================

Plogger does not correctly handle ZIP files uploaded by an authenticated user and allows an attacker to upload a backdoor file in an accessible folder.

For more details, see the PDF document attached to this advisory.

**Access Vector**: remote

**Security Risk**: medium

**Vulnerability**: CWE-434

**CVE-ID**: CVE-2014-2223

CAPTCHA Bypass
==============

Plogger theme Lucid implements a CAPTCHA, but this implementation is prone to a replay attack. The script generating the CAPTCHA image inserts a code in the current user session, but this value is not unset while processing the form, thus allowing an attacker to submit multiple times the form with always the same captcha and associated code.

More details in the PDF file attached.

**Access Vector**: remote

**Security Risk**: medium

**Vulnerability**: CWE-804

**CVE-ID**: CVE-2014-2224

Affected versions
=================

* Plogger <= 1.0 RC1

Solution
========

No fix will be available for these vulnerabilities, vendor considers this piece of software as no longer maintained.

Timeline
========

* 02/11/2014: vendor notified
* 02/21/2014: vendor answered that no fix will be made

References
==========

* http://www.plogger.org/download/ (latest version)

Credits
=======

* Bastien FAURE, Sysdream (b.faure -at- sysdream -dot- com)
* Damien CAUQUIL, Sysdream (d.cauquil -at- sysdream -dot- com)

Contact
=======

* Website: http://www.sysdream.com
* Twitter: @sysdream

PLOGGER-1.0RC1-advisory.pdf