Описание
Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin before 1.4.7 for WordPress allows remote authenticated users to execute arbitrary code by uploading a PHP file, then accessing it via a direct request to the file in wp-content/uploads/slideshow-gallery/.
Ссылки
- Exploit
- Exploit
- Exploit
- Exploit
- Patch
- Exploit
- Exploit
- Exploit
- Exploit
- Patch
Уязвимые конфигурации
Конфигурация 1Версия до 1.4.6 (включая)
Одно из
cpe:2.3:a:tribulant:tibulant_slideshow_gallery:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:tribulant:tibulant_slideshow_gallery:1.4:*:*:*:*:wordpress:*:*
cpe:2.3:a:tribulant:tibulant_slideshow_gallery:1.4.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:tribulant:tibulant_slideshow_gallery:1.4.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:tribulant:tibulant_slideshow_gallery:1.4.3:*:*:*:*:wordpress:*:*
cpe:2.3:a:tribulant:tibulant_slideshow_gallery:1.4.4:*:*:*:*:wordpress:*:*
cpe:2.3:a:tribulant:tibulant_slideshow_gallery:1.4.5:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 98%
0.64727
Средний
6.5 Medium
CVSS2
Дефекты
CWE-20
Связанные уязвимости
github
больше 3 лет назад
Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin before 1.4.7 for WordPress allows remote authenticated users to execute arbitrary code by uploading a PHP file, then accessing it via a direct request to the file in wp-content/uploads/slideshow-gallery/.
EPSS
Процентиль: 98%
0.64727
Средний
6.5 Medium
CVSS2
Дефекты
CWE-20