7.5
CVE-2015-4133
- EPSS 61.35%
- Veröffentlicht 28.05.2015 14:59:10
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginReFlex Gallery » WordPress Photo Gallery < 3.1.4 - Arbitrary File Upload
Unrestricted file upload vulnerability in admin/scripts/FileUploader/php.php in the ReFlex Gallery plugin before 3.1.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in uploads/ directory.
Mögliche Gegenmaßnahme
ReFlex Gallery » WordPress Photo Gallery: Update to version 3.1.4, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Reflex Gallery Project ≫ Reflex Gallery SwPlatformwordpress Version <= 3.1.3
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
ReFlex Gallery » WordPress Photo Gallery
Version
[*, 3.1.4)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 61.35% | 0.99 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
http://osvdb.org/show/osvdb/88853
http://packetstormsecurity.com/files/130845/
http://packetstormsecurity.com/files/131515/
http://www.securityfocus.com/bid/57100
https://wordpress.org/plugins/reflex-gallery/changelog/
https://wpvulndb.com/vulnerabilities/7867
https://www.exploit-db.com/exploits/36809/
https://www.wordfence.com/threat-intel/vulnerabilities/id/44e54ac5-8091-4154-a14c-5cd67647f722