CVE-2014-5460

Loading...

General

Score:6.5/10.0
Severity:Medium
Category:Input Validation Error
Exploit:Available

Impact Metrics

Confidentiality:Partial
Integrity:Partial
Availability:Partial

Exploitability Metrics

Access Vector:Network
Access Complexity:Low
Authentication:Single

Published on 11/09/14 - Updated on 09/10/18

Description

Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin before 1.4.7 for WordPress allows remote authenticated users to execute arbitrary code by uploading a PHP file, then accessing it via a direct request to the file in wp-content/uploads/slideshow-gallery/.

Category: Input Validation Error

CWE-20 (Input Validation)
The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.

Security Notices

US National Vulnerability DatabaseCVE-2014-5460

Exploits

Exploit-DBEDB-34514, EDB-34681

Relative technologies

VendorProduct
tribulanttibulant_slideshow_gallery

Share this vulnerability with:

Twitter Facebook LinkedIn Mail