Lucene search

MitreCVE-2015-1365

HistoryJan 27, 2015 - 8:04 p.m.

CVE-2015-1365

2015-01-2720:04:21

CWE-22

mitre

web.nvd.nist.gov

cve

2015

1365

directory traversal

pixabay images

plugin

wordpress

remote attackers

arbitrary files

vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

7.1

Confidence

Low

EPSS

0.015

Percentile

87.1%

JSON

Directory traversal vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to write to arbitrary files via a … (dot dot) in the q parameter.

Affected configurations

Nvd

Node

pixabay_images_projectpixabay_imagesRange≤2.3wordpress

VendorProductVersionCPE
pixabay_images_projectpixabay_images*cpe:2.3:a:pixabay_images_project:pixabay_images:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
pixabay_images_project	pixabay_images	*	cpe:2.3:a:pixabay_images_project:pixabay_images::::::wordpress::*

References

osvdb.org/show/osvdb/117147

packetstormsecurity.com/files/130017/WordPress-Pixarbay-Images-2.3-XSS-Bypass-Upload-Traversal.html

seclists.org/fulldisclosure/2015/Jan/75

www.exploit-db.com/exploits/35846

www.openwall.com/lists/oss-security/2015/01/25/5

www.securityfocus.com/archive/1/534505/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/100036

plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=1067992%40pixabay-images%2Ftrunk%2Fpixabay-images.php&old=926633%40pixabay-images%2Ftrunk%2Fpixabay-images.php

wordpress.org/plugins/pixabay-images/changelog/

www.mogwaisecurity.de/advisories/MSA-2015-01.txt