PT-2015-5144 · Unknown · Holding Pattern

Publicado

2015-02-11

Atualizado

2017-07-17

CVE-2015-1172

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Holding Pattern theme (aka holding pattern) version 0.6 and earlier

Description The issue allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension to the admin/upload-file.php endpoint, and then accessing it via a direct request.

Recommendations For Holding Pattern theme version 0.6 and earlier, update to a version later than 0.6 to resolve the issue.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2015-1172

Produtos afetados

Holding Pattern

PT-2015-5144 · Unknown · Holding Pattern

CVE-2015-1172

Identificadores relacionados

Produtos afetados

Referências · 7