7.5
CVE-2015-5681
- EPSS 4.81%
- Veröffentlicht 18.08.2015 15:59:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginPowerplay Gallery <= 3.3 - Arbitrary File Upload
Unrestricted file upload vulnerability in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in *_uploadfolder/big/.
Mögliche Gegenmaßnahme
Powerplay Gallery: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Wpslideshow ≫ Powerplay Gallery Version3.3 SwPlatformwordpress
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Powerplay Gallery
Version
*-3.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.81% | 0.908 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
http://packetstormsecurity.com/files/132671/WordPress-WP-PowerPlayGallery-3.3-File-Upload-SQL-Injection.html
http://seclists.org/fulldisclosure/2015/Jul/64
http://www.openwall.com/lists/oss-security/2015/07/20/1
http://www.vapid.dhs.org/advisory.php?v=132
http://www.openwall.com/lists/oss-security/2015/07/27/8
https://www.wordfence.com/threat-intel/vulnerabilities/id/2655ec9f-471f-48e7-8e1c-a428ef3b46ee