CVE-2014-5460

Exploit

EPSS 70.89%
Veröffentlicht 11.09.2014 15:55:05
Zuletzt bearbeitet 06.05.2026 22:30:45
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Slideshow Gallery < 1.4.7 - Arbitrary File Upload

Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin before 1.4.7 for WordPress allows remote authenticated users to execute arbitrary code by uploading a PHP file, then accessing it via a direct request to the file in wp-content/uploads/slideshow-gallery/.

Mögliche Gegenmaßnahme

Slideshow Gallery LITE: Update to version 1.4.7, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 12

NVD 7 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Tribulant ≫ Tibulant Slideshow Gallery SwPlatformwordpress Version <= 1.4.6

Tribulant ≫ Tibulant Slideshow Gallery Version1.4 SwPlatformwordpress

Tribulant ≫ Tibulant Slideshow Gallery Version1.4.1 SwPlatformwordpress

Tribulant ≫ Tibulant Slideshow Gallery Version1.4.2 SwPlatformwordpress

Tribulant ≫ Tibulant Slideshow Gallery Version1.4.3 SwPlatformwordpress

Tribulant ≫ Tibulant Slideshow Gallery Version1.4.4 SwPlatformwordpress

Tribulant ≫ Tibulant Slideshow Gallery Version1.4.5 SwPlatformwordpress

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Slideshow Gallery LITE

Version [*, 1.4.7)

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	70.89%	0.993

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://packetstormsecurity.com/files/128069/WordPress-Slideshow-Gallery-1.4.6-Shell-Upload.html

Exploit

http://secunia.com/advisories/60074

http://whitexploit.blogspot.mx/2014/08/wordpress-slideshow-gallery-146-shell.html

Exploit

http://www.exploit-db.com/exploits/34514

Exploit

http://www.exploit-db.com/exploits/34681

Exploit

http://www.securityfocus.com/archive/1/533281/100/0/threaded

https://exchange.xforce.ibmcloud.com/vulnerabilities/95676

https://wordpress.org/plugins/slideshow-gallery/changelog

Patch

https://www.wordfence.com/threat-intel/vulnerabilities/id/068cb509-7451-4f2f-a65c-ed7686c6f6d7

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2014-5460

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-5460

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-5460

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2014-5460