Re: [FD] Remote file upload vulnerability in videowhisper-video-conference-integration wordpress plugin v4.91.8

2015-04-05 Thread Larry W. Cashdollar
Hello Folks,

You can get php execution by using the file extension .phtml for both of these advisories. I'm currently updating the advisories and the vendor. Try using an uncommon extension not defined in /etc/mime.types.

$ grep "#app" /etc/mime.types
#application/vnd.ms-pki.stl

[FD] Remote file upload vulnerability in videowhisper-video-conference-integration wordpress plugin v4.91.8

2015-04-01 Thread Larry W. Cashdollar
Title: Remote file upload vulnerability in videowhisper-video-conference-integration wordpress plugin v4.91.8
Author: Larry W. Cashdollar, @_larry0
Date: 2015-03-29
Download Site: https://wordpress.org/support/plugin/videowhisper-video-conference-integration
Vendor: http://www.videowhisper.com/
V