CVE-2015-6967

Name of the Vulnerable Software and Affected Versions Nibbleblog versions prior to 4.0.5

Description The issue allows remote administrators to execute arbitrary code by uploading a file with an executable extension to the My Image plugin, then accessing it via a direct request to the file in content/private/plugins/my image/image.php.

Recommendations For versions prior to 4.0.5, update to version 4.0.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the My Image plugin to minimize the risk of exploitation. Avoid using the My Image plugin until the issue is resolved.