6.5
CVE-2014-5460
- EPSS 64.73%
- Veröffentlicht 11.09.2014 15:55:05
- Zuletzt bearbeitet 12.04.2025 10:46:40
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginSlideshow Gallery < 1.4.7 - Arbitrary File Upload
Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin before 1.4.7 for WordPress allows remote authenticated users to execute arbitrary code by uploading a PHP file, then accessing it via a direct request to the file in wp-content/uploads/slideshow-gallery/.
Mögliche Gegenmaßnahme
Slideshow Gallery LITE: Update to version 1.4.7, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Slideshow Gallery LITE
Version
[*, 1.4.7)
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Tribulant ≫ Tibulant Slideshow Gallery SwPlatformwordpress Version <= 1.4.6
Tribulant ≫ Tibulant Slideshow Gallery Version1.4 SwPlatformwordpress
Tribulant ≫ Tibulant Slideshow Gallery Version1.4.1 SwPlatformwordpress
Tribulant ≫ Tibulant Slideshow Gallery Version1.4.2 SwPlatformwordpress
Tribulant ≫ Tibulant Slideshow Gallery Version1.4.3 SwPlatformwordpress
Tribulant ≫ Tibulant Slideshow Gallery Version1.4.4 SwPlatformwordpress
Tribulant ≫ Tibulant Slideshow Gallery Version1.4.5 SwPlatformwordpress
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 64.73% | 0.983 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.