CVE-2015-4133

Name of the Vulnerable Software and Affected Versions ReFlex Gallery plugin versions prior to 3.1.4

Description The issue allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the uploads/ directory. This is due to an unrestricted file upload vulnerability in the admin/scripts/FileUploader/php.php file.

Recommendations For versions prior to 3.1.4, update to version 3.1.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the uploads/ directory to minimize the risk of exploitation. Avoid using the FileUploader functionality until the issue is resolved.