Plogger version 1.0 RC1 – Multiple vulnerabilities
=============================================
Multiple vulnerabilities in Plogger <= 1.0RC1
=============================================
Description
===========
An arbitrary file upload vulnerability and a CAPTCHA bypass vulnerability have been identified in Plogger <= 1.0 RC1.
Arbitrary File Upload
=====================
Plogger does not correctly handle ZIP files uploaded by an authenticated user and allows an attacker to upload a backdoor file in an accessible folder.
For more details, see the PDF document attached to this advisory.
**Access Vector**: remote
**Security Risk**: medium
**Vulnerability**: CWE-434
**CVE-ID**: CVE-2014-2223
CAPTCHA Bypass
==============
The Plogger theme Lucid implements a CAPTCHA, but the implementation is prone to a replay attack. The script that generates the CAPTCHA image stores a code in the current user session, but this value is not unset when the form is processed, allowing an attacker to submit the form multiple times with the same CAPTCHA and associated code.
More details are in the attached PDF file.
**Access Vector**: remote
**Security Risk**: medium
**Vulnerability**: CWE-804
**CVE-ID**: CVE-2014-2224
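
The replay condition described above, shown next to a single-use check. This is an added example, not Plogger's or the Lucid theme's code; the session key ``captcha_code`` and both function names are hypothetical, and the session is passed in as an array so the script runs from the PHP CLI.

```php
<?php
// Added example: the key 'captcha_code' and both function names are
// hypothetical and are not taken from Plogger.

// Replayable pattern: the expected code stays in the session after the
// check, so one solved CAPTCHA keeps validating later submissions.
function captcha_check_replayable(array &$session, string $submitted): bool
{
    return isset($session['captcha_code'])
        && $session['captcha_code'] === $submitted;
}

// Single-use check: the stored code is consumed before it is compared, so
// it is gone whether this attempt succeeds or fails.
function captcha_check_single_use(array &$session, string $submitted): bool
{
    $expected = $session['captcha_code'] ?? null;
    unset($session['captcha_code']);           // invalidate on every attempt

    if (!is_string($expected) || $expected === '' || $submitted === '') {
        return false;                           // no pending challenge
    }
    return hash_equals($expected, $submitted);  // constant-time comparison
}

// Constructed sample data: a code as the image script would have stored it.
$session = ['captcha_code' => 'k7Qp2'];
var_dump(captcha_check_replayable($session, 'k7Qp2'));  // first submission
var_dump(captcha_check_replayable($session, 'k7Qp2'));  // same code, second submission

$session = ['captcha_code' => 'k7Qp2'];
var_dump(captcha_check_single_use($session, 'k7Qp2'));  // first submission
var_dump(captcha_check_single_use($session, 'k7Qp2'));  // same code, second submission
```

In a form handler the first argument would be ``$_SESSION``, and a new code is only stored again when the image script serves a fresh CAPTCHA.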
Affected versions
=================
* Plogger <= 1.0 RC1
Solution
========
No fix will be available for these vulnerabilities; the vendor considers this software no longer maintained.
Timeline
========
* 02/11/2014: vendor notified
* 02/21/2014: vendor answered that no fix will be made
References
==========
* http://www.plogger.org/download/ (latest version)
Credits
=======
* Bastien FAURE, Sysdream (b.faure -at- sysdream -dot- com)
* Damien CAUQUIL, Sysdream (d.cauquil -at- sysdream -dot- com)
Contact
=======
* Website: https://sysdream.com
* Twitter: @sysdream