CVE-2014-5460

2014-09-1115:55:05

CWE-20

mitre

web.nvd.nist.gov

cve-2014-5460

vulnerability

file upload

tribulant slideshow gallery

wordpress

remote authenticated

arbitrary code

php

nvd

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

7.4

Confidence

High

EPSS

0.937

Percentile

99.2%

JSON

Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin before 1.4.7 for WordPress allows remote authenticated users to execute arbitrary code by uploading a PHP file, then accessing it via a direct request to the file in wp-content/uploads/slideshow-gallery/.

Affected configurations

Nvd

Node

tribulanttibulant_slideshow_galleryRange≤1.4.6wordpress

tribulanttibulant_slideshow_galleryMatch1.4wordpress

tribulanttibulant_slideshow_galleryMatch1.4.1wordpress

tribulanttibulant_slideshow_galleryMatch1.4.2wordpress

tribulanttibulant_slideshow_galleryMatch1.4.3wordpress

tribulanttibulant_slideshow_galleryMatch1.4.4wordpress

tribulanttibulant_slideshow_galleryMatch1.4.5wordpress

VendorProductVersionCPE
tribulanttibulant_slideshow_gallery*cpe:2.3:a:tribulant:tibulant_slideshow_gallery:*:*:*:*:*:wordpress:*:*
tribulanttibulant_slideshow_gallery1.4cpe:2.3:a:tribulant:tibulant_slideshow_gallery:1.4:*:*:*:*:wordpress:*:*
tribulanttibulant_slideshow_gallery1.4.1cpe:2.3:a:tribulant:tibulant_slideshow_gallery:1.4.1:*:*:*:*:wordpress:*:*
tribulanttibulant_slideshow_gallery1.4.2cpe:2.3:a:tribulant:tibulant_slideshow_gallery:1.4.2:*:*:*:*:wordpress:*:*
tribulanttibulant_slideshow_gallery1.4.3cpe:2.3:a:tribulant:tibulant_slideshow_gallery:1.4.3:*:*:*:*:wordpress:*:*
tribulanttibulant_slideshow_gallery1.4.4cpe:2.3:a:tribulant:tibulant_slideshow_gallery:1.4.4:*:*:*:*:wordpress:*:*
tribulanttibulant_slideshow_gallery1.4.5cpe:2.3:a:tribulant:tibulant_slideshow_gallery:1.4.5:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
tribulant	tibulant_slideshow_gallery	*	cpe:2.3:a:tribulant:tibulant_slideshow_gallery::::::wordpress::*
tribulant	tibulant_slideshow_gallery	1.4	cpe:2.3:a:tribulant:tibulant_slideshow_gallery:1.4:::::wordpress::
tribulant	tibulant_slideshow_gallery	1.4.1	cpe:2.3:a:tribulant:tibulant_slideshow_gallery:1.4.1:::::wordpress::
tribulant	tibulant_slideshow_gallery	1.4.2	cpe:2.3:a:tribulant:tibulant_slideshow_gallery:1.4.2:::::wordpress::
tribulant	tibulant_slideshow_gallery	1.4.3	cpe:2.3:a:tribulant:tibulant_slideshow_gallery:1.4.3:::::wordpress::
tribulant	tibulant_slideshow_gallery	1.4.4	cpe:2.3:a:tribulant:tibulant_slideshow_gallery:1.4.4:::::wordpress::
tribulant	tibulant_slideshow_gallery	1.4.5	cpe:2.3:a:tribulant:tibulant_slideshow_gallery:1.4.5:::::wordpress::