Lucene search

[email protected]CVE-2015-2194

HistoryMar 03, 2015 - 7:59 p.m.

CVE-2015-2194

2015-03-0319:59:00

[email protected]

web.nvd.nist.gov

cve-2015-2194

file upload

vulnerability

fusion theme

wordpress

arbitrary code

remote execution

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

79.6%

JSON

Unrestricted file upload vulnerability in the fusion_options function in functions.php in the Fusion theme 3.1 for Wordpress allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension in a fusion_save action, then accessing it via unspecified vectors.

Affected configurations

NVD

Node

digitalnaturefusionMatch3.1wordpress

CPENameOperatorVersion
digitalnature:fusiondigitalnature fusioneq3.1

CPE	Name	Operator	Version
digitalnature:fusion	digitalnature fusion	eq	3.1

References

packetstormsecurity.com/files/130397/WordPress-Fusion-3.1-Arbitrary-File-Upload.html

www.securityfocus.com/bid/75341

wpvulndb.com/vulnerabilities/7795

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

79.6%

JSON

Related for CVE-2015-2194

patchstack1 prion1 checkpoint_advisories1 nvd1 cvelist1 kaspersky1