Lucene search
HistoryAug 18, 2015 - 3:59 p.m.
CVE-2015-5681
cve-2015-5681
file upload
vulnerability
powerplay gallery plugin
wordpress
remote code execution
nvd
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8 High
AI Score
Confidence
Low
0.106 Low
EPSS
Percentile
95.1%
Unrestricted file upload vulnerability in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in *_uploadfolder/big/.
Affected configurations
Node
wpslideshowpowerplay_galleryMatch3.3wordpress
| CPE | Name | Operator | Version |
|---|---|---|---|
| wpslideshow:powerplay_gallery | wpslideshow powerplay gallery | eq | 3.3 |
Related
prion
prion
Unrestricted file upload
2015-08-18 15:59:00
patchstack
patchstack
WordPress Powerplay Gallery Plugin <= 3.3 - Unrestricted File Upload
2015-07-27 00:00:00
nvd
nvd
CVE-2015-5681
2015-08-18 15:59:06
cvelist
cvelist
CVE-2015-5681
2015-08-18 15:00:00
wpvulndb
wpvulndb
Powerplay Gallery - Arbitrary File Upload & SQL Injection
2015-07-01 00:00:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8 High
AI Score
Confidence
Low
0.106 Low
EPSS
Percentile
95.1%
Related for CVE-2015-5681