PT-2017-6882 · WordPress · Powerplay Gallery Plugin

Larry W. Cashdollar

Publicado

2017-05-23

Atualizado

2017-06-08

CVE-2015-5682

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Powerplay Gallery plugin version 3.3 for WordPress

Description The issue allows remote attackers to create arbitrary directories. This is related to the targetDir variable in the upload.php file.

Recommendations For Powerplay Gallery plugin version 3.3, consider disabling the upload functionality until a patch is available to prevent exploitation. Restrict access to the upload.php file to minimize the risk of arbitrary directory creation. Avoid using the targetDir variable in the upload.php file until the issue is resolved.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

CVE-2015-5682

Produtos afetados

Powerplay Gallery Plugin

PT-2017-6882 · WordPress · Powerplay Gallery Plugin

CVE-2015-5682

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4