PT-2019-7458 · Showbiz · Showbiz Pro Plugin

Roberto Soares Espreto

+1

·

Published

2019-10-22

·

Updated

2019-10-28

·

CVE-2015-9499

CVSS v2.0

7.5

High

VectorAV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions Showbiz Pro plugin versions 1.7.1 and earlier
Description The issue allows for PHP code execution by uploading a .php file within a ZIP archive.
Recommendations For versions 1.7.1 and earlier, update to a version later than 1.7.1 to resolve the issue.

Exploit

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2015-9499

Affected Products

Showbiz Pro Plugin