CVE-2015-1375

Exploit

EPSS 24.78%
Veröffentlicht 28.01.2015 11:59:00
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Pixabay Images <= 2.0 - Authentication Bypass to Arbitrary File Upload

pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not properly restrict access to the upload functionality, which allows remote attackers to write to arbitrary files.

Mögliche Gegenmaßnahme

Pixabay Images: Update to version 2.4, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 11

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Pixabay Images

Version *-2.0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Pixabay Images Project ≫ Pixabay Images SwPlatformwordpress Version <= 2.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	24.78%	0.959

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://packetstormsecurity.com/files/130017/WordPress-Pixarbay-Images-2.3-XSS-Bypass-Upload-Traversal.html

Exploit

http://seclists.org/fulldisclosure/2015/Jan/75

Exploit

http://www.exploit-db.com/exploits/35846

Exploit

http://www.openwall.com/lists/oss-security/2015/01/25/5

http://www.securityfocus.com/archive/1/534505/100/0/threaded

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=1067992%40pixabay-images%2Ftrunk%2Fpixabay-images.php&old=926633%40pixabay-images%2Ftrunk%2Fpixabay-images.php

http://www.osvdb.org/117146

https://www.wordfence.com/threat-intel/vulnerabilities/id/40a6a810-1151-49e6-bed4-2b7a572ac015

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2015-1375

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-1375

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-1375

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2015-1375