PT-2015-5144 · Unknown · Holding Pattern

Published

2015-02-11

Updated

2017-07-17

CVE-2015-1172

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Holding Pattern theme (aka holding pattern) version 0.6 and earlier

Description The issue allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension to the admin/upload-file.php endpoint, and then accessing it via a direct request.

Recommendations For Holding Pattern theme version 0.6 and earlier, update to a version later than 0.6 to resolve the issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2015-1172

Affected Products

Holding Pattern

PT-2015-5144 · Unknown · Holding Pattern

CVE-2015-1172

Related Identifiers

Affected Products

References · 7