6.5
CVE-2015-2194
- EPSS 3.19%
- Veröffentlicht 03.03.2015 19:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginFusion <= 3.1 - Arbitrary File Upload
Unrestricted file upload vulnerability in the fusion_options function in functions.php in the Fusion theme 3.1 for Wordpress allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension in a fusion_save action, then accessing it via unspecified vectors.
Mögliche Gegenmaßnahme
Fusion: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Digitalnature ≫ Fusion Version3.1 SwPlatformwordpress
Weitere Schwachstelleninformationen
SystemWordPress Theme
≫
Produkt
Fusion
Version
*-3.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.19% | 0.864 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
http://packetstormsecurity.com/files/130397/WordPress-Fusion-3.1-Arbitrary-File-Upload.html
http://www.securityfocus.com/bid/75341
https://wpvulndb.com/vulnerabilities/7795
https://www.wordfence.com/threat-intel/vulnerabilities/id/1f286857-2fd3-4884-982f-47773f7af636