PT-2017-6882 · WordPress · Powerplay Gallery Plugin

Larry W. Cashdollar

Published

2017-05-23

Updated

2017-06-08

CVE-2015-5682

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Powerplay Gallery plugin version 3.3 for WordPress

Description The issue allows remote attackers to create arbitrary directories. This is related to the targetDir variable in the upload.php file.

Recommendations For Powerplay Gallery plugin version 3.3, consider disabling the upload functionality until a patch is available to prevent exploitation. Restrict access to the upload.php file to minimize the risk of arbitrary directory creation. Avoid using the targetDir variable in the upload.php file until the issue is resolved.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2015-5682

Affected Products

Powerplay Gallery Plugin

PT-2017-6882 · WordPress · Powerplay Gallery Plugin

CVE-2015-5682

Weakness Enumeration

Related Identifiers

Affected Products

References · 4