PT-2015-6981 · WordPress · Powerplay Gallery Plugin

Larry W. Cashdollar

Published

2015-08-18

Updated

2019-07-09

CVE-2015-5599

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Powerplay Gallery plugin version 3.3 for WordPress

Description The issue concerns SQL injection vulnerabilities in the upload.php file of the Powerplay Gallery plugin. Remote attackers can execute arbitrary SQL commands by manipulating the albumid or name parameters.

Recommendations For Powerplay Gallery plugin version 3.3, consider disabling the upload.php file or restricting access to it until a patch is available. Avoid using the albumid and name parameters in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2015-5599

Affected Products

Powerplay Gallery Plugin

PT-2015-6981 · WordPress · Powerplay Gallery Plugin

CVE-2015-5599

Weakness Enumeration

Related Identifiers

Affected Products

References · 6