PT-2015-6981 · WordPress · Powerplay Gallery Plugin

Larry W. Cashdollar

Publicado

2015-08-18

Atualizado

2019-07-09

CVE-2015-5599

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Powerplay Gallery plugin version 3.3 for WordPress

Description The issue concerns SQL injection vulnerabilities in the upload.php file of the Powerplay Gallery plugin. Remote attackers can execute arbitrary SQL commands by manipulating the albumid or name parameters.

Recommendations For Powerplay Gallery plugin version 3.3, consider disabling the upload.php file or restricting access to it until a patch is available. Avoid using the albumid and name parameters in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2015-5599

Produtos afetados

Powerplay Gallery Plugin

PT-2015-6981 · WordPress · Powerplay Gallery Plugin

CVE-2015-5599

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6