CVE-2014-5460

2014-09-1115:55:05

CWE-20

[email protected]

web.nvd.nist.gov

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

7.3

Confidence

High

EPSS

0.937

Percentile

99.2%

JSON

Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin before 1.4.7 for WordPress allows remote authenticated users to execute arbitrary code by uploading a PHP file, then accessing it via a direct request to the file in wp-content/uploads/slideshow-gallery/.

Affected configurations

Nvd

Node

tribulanttibulant_slideshow_galleryRange≤1.4.6wordpress

tribulanttibulant_slideshow_galleryMatch1.4wordpress

tribulanttibulant_slideshow_galleryMatch1.4.1wordpress

tribulanttibulant_slideshow_galleryMatch1.4.2wordpress

tribulanttibulant_slideshow_galleryMatch1.4.3wordpress

tribulanttibulant_slideshow_galleryMatch1.4.4wordpress

tribulanttibulant_slideshow_galleryMatch1.4.5wordpress

VendorProductVersionCPE
tribulanttibulant_slideshow_gallery*cpe:2.3:a:tribulant:tibulant_slideshow_gallery:*:*:*:*:*:wordpress:*:*
tribulanttibulant_slideshow_gallery1.4cpe:2.3:a:tribulant:tibulant_slideshow_gallery:1.4:*:*:*:*:wordpress:*:*
tribulanttibulant_slideshow_gallery1.4.1cpe:2.3:a:tribulant:tibulant_slideshow_gallery:1.4.1:*:*:*:*:wordpress:*:*
tribulanttibulant_slideshow_gallery1.4.2cpe:2.3:a:tribulant:tibulant_slideshow_gallery:1.4.2:*:*:*:*:wordpress:*:*
tribulanttibulant_slideshow_gallery1.4.3cpe:2.3:a:tribulant:tibulant_slideshow_gallery:1.4.3:*:*:*:*:wordpress:*:*
tribulanttibulant_slideshow_gallery1.4.4cpe:2.3:a:tribulant:tibulant_slideshow_gallery:1.4.4:*:*:*:*:wordpress:*:*
tribulanttibulant_slideshow_gallery1.4.5cpe:2.3:a:tribulant:tibulant_slideshow_gallery:1.4.5:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
tribulant	tibulant_slideshow_gallery	*	cpe:2.3:a:tribulant:tibulant_slideshow_gallery::::::wordpress::*
tribulant	tibulant_slideshow_gallery	1.4	cpe:2.3:a:tribulant:tibulant_slideshow_gallery:1.4:::::wordpress::
tribulant	tibulant_slideshow_gallery	1.4.1	cpe:2.3:a:tribulant:tibulant_slideshow_gallery:1.4.1:::::wordpress::
tribulant	tibulant_slideshow_gallery	1.4.2	cpe:2.3:a:tribulant:tibulant_slideshow_gallery:1.4.2:::::wordpress::
tribulant	tibulant_slideshow_gallery	1.4.3	cpe:2.3:a:tribulant:tibulant_slideshow_gallery:1.4.3:::::wordpress::
tribulant	tibulant_slideshow_gallery	1.4.4	cpe:2.3:a:tribulant:tibulant_slideshow_gallery:1.4.4:::::wordpress::
tribulant	tibulant_slideshow_gallery	1.4.5	cpe:2.3:a:tribulant:tibulant_slideshow_gallery:1.4.5:::::wordpress::