Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
canvasImmunity CanvasCVE_2014_5460
HistorySep 11, 2014 - 3:55 p.m.

Immunity Canvas: CVE_2014_5460

2014-09-1115:55:00
Immunity Canvas
exploitlist.immunityinc.com
32

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.919 High

EPSS

Percentile

98.7%

JSON
Name CVE_2014_5460
CVE CVE-2014-5460 Exploit Pack
VENDOR: Tribulant
Changelog: https://wordpress.org/plugins/slideshow-gallery/changelog/
Notes:

If the Suhosin-Patch is installed (typically announced in the PHP banner) the MOSDEF PHP
shell startup will not work however the vulnerability will still be exploitable.

This is a post authentication shell upload vulnerability in a popular (400k+ downloads)
wordpress plugin. By default only admins can reach the vulnerability.

The plugin does allow for administrators to give any class of user the ability to
interact with the vulnerable functionality, though they would have to do so deliberately.

Repeatability: Infinite
References: http://packetstormsecurity.com/files/128069/WordPress-Slideshow-Gallery-1.4.6-Shell-Upload.html
CVE Url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5460
CERT Advisory: None
Date public: 08/31/14

Related

prion 1
packetstorm 3
zdt 2
securityvulns 2
wpvulndb 1
seebug 1
exploitpack 1
cve 1
exploitdb 1
prion
prion
Unrestricted file upload
2014-09-11 15:55:00
packetstorm
packetstorm
WordPress Slideshow Gallery 1.4.6 Shell Upload
2014-08-31 00:00:00
WordPress Slideshow Gallery 1.4.6 Shell Upload
2014-09-16 00:00:00
WordPress SlideShow Gallery Authenticated File Upload
2015-04-20 00:00:00
zdt
zdt
WordPress SlideShow Gallery Authenticated File Upload Exploit
2015-04-20 00:00:00
WordPress Slideshow Gallery Plugin 1.4.6 - Shell Upload Vulnerability
2014-09-01 00:00:00
securityvulns
securityvulns
WordPress Slideshow Gallery 1.4.6 Shell Upload Vulnerability (CVE-2014-5460)
2014-10-14 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2014-10-14 00:00:00
wpvulndb
wpvulndb
Slideshow Gallery < 1.4.7 - Arbitrary File Upload
2014-09-17 00:00:00
seebug
seebug
Wordpress Slideshow Gallery 1.4.6 - Shell Upload (Python Exploit)
2014-10-10 00:00:00
exploitpack
exploitpack
WordPress Plugin Slideshow Gallery 1.4.6 - Arbitrary File Upload (Python)
2014-09-16 00:00:00
cve
cve
CVE-2014-5460
2014-09-11 15:55:00
exploitdb
exploitdb
WordPress Plugin Slideshow Gallery 1.4.6 - Arbitrary File Upload
2014-09-16 00:00:00

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.919 High

EPSS

Percentile

98.7%

JSON
Related for CVE_2014_5460
prion1packetstorm3zdt2securityvulns2wpvulndb1seebug1exploitpack1cve1exploitdb1