7.5
CVE-2014-6446
- EPSS 46.17%
- Veröffentlicht 26.09.2014 21:55:07
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginInfusionsoft Gravity Forms Add-on 1.5.3 - 1.5.10 - Arbitrary File Upload
The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for WordPress does not properly restrict access, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code via a request to utilities/code_generator.php.
Mögliche Gegenmaßnahme
Infusionsoft Gravity Forms Add-on: Update to version 1.5.11, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Infusionsoft Gravity Forms Project ≫ Infusionsoft Gravity Forms Version1.5.3 SwPlatformwordpress
Infusionsoft Gravity Forms Project ≫ Infusionsoft Gravity Forms Version1.5.4 SwPlatformwordpress
Infusionsoft Gravity Forms Project ≫ Infusionsoft Gravity Forms Version1.5.4.1 SwPlatformwordpress
Infusionsoft Gravity Forms Project ≫ Infusionsoft Gravity Forms Version1.5.4.2 SwPlatformwordpress
Infusionsoft Gravity Forms Project ≫ Infusionsoft Gravity Forms Version1.5.5 SwPlatformwordpress
Infusionsoft Gravity Forms Project ≫ Infusionsoft Gravity Forms Version1.5.6 SwPlatformwordpress
Infusionsoft Gravity Forms Project ≫ Infusionsoft Gravity Forms Version1.5.7 SwPlatformwordpress
Infusionsoft Gravity Forms Project ≫ Infusionsoft Gravity Forms Version1.5.7.1 SwPlatformwordpress
Infusionsoft Gravity Forms Project ≫ Infusionsoft Gravity Forms Version1.5.7.2 SwPlatformwordpress
Infusionsoft Gravity Forms Project ≫ Infusionsoft Gravity Forms Version1.5.8 SwPlatformwordpress
Infusionsoft Gravity Forms Project ≫ Infusionsoft Gravity Forms Version1.5.8.1 SwPlatformwordpress
Infusionsoft Gravity Forms Project ≫ Infusionsoft Gravity Forms Version1.5.9 SwPlatformwordpress
Infusionsoft Gravity Forms Project ≫ Infusionsoft Gravity Forms Version1.5.9.1 SwPlatformwordpress
Infusionsoft Gravity Forms Project ≫ Infusionsoft Gravity Forms Version1.5.9.2 SwPlatformwordpress
Infusionsoft Gravity Forms Project ≫ Infusionsoft Gravity Forms Version1.5.9.3 SwPlatformwordpress
Infusionsoft Gravity Forms Project ≫ Infusionsoft Gravity Forms Version1.5.9.4 SwPlatformwordpress
Infusionsoft Gravity Forms Project ≫ Infusionsoft Gravity Forms Version1.5.9.5 SwPlatformwordpress
Infusionsoft Gravity Forms Project ≫ Infusionsoft Gravity Forms Version1.5.10 SwPlatformwordpress
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Infusionsoft Gravity Forms Add-on
Version
1.5.3-1.5.10
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 46.17% | 0.987 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
http://osvdb.org/show/osvdb/112171
http://packetstormsecurity.com/files/131002/Wordpress-InfusionSoft-Shell-Upload.html
http://research.g0blin.co.uk/cve-2014-6446/
http://www.exploit-db.com/exploits/34925
https://wordpress.org/plugins/infusionsoft/changelog/
https://www.wordfence.com/threat-intel/vulnerabilities/id/8840bb3c-3e4b-48d5-bf01-2ed9bcfcf27a