Lucene search

[email protected]CVE-2012-3575

HistoryJun 16, 2012 - 12:55 a.m.

CVE-2012-3575

2012-06-1600:55:07

CWE-264

[email protected]

web.nvd.nist.gov

cve-2012-3575

unrestricted file upload

rbx gallery

wordpress

vulnerability

remote code execution

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8 High

AI Score

Confidence

Low

0.099 Low

EPSS

Percentile

94.9%

JSON

Unrestricted file upload vulnerability in uploader.php in the RBX Gallery plugin 2.1 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/rbxslider.

Affected configurations

NVD

Node

rbx_galleryrbx_galleryMatch2.1

AND

wordpresswordpressMatch-

CPENameOperatorVersion
rbx_gallery:rbx_galleryrbx galleryeq2.1

CPE	Name	Operator	Version
rbx_gallery:rbx_gallery	rbx gallery	eq	2.1

References

secunia.com/advisories/49463

www.exploit-db.com/exploits/19019

www.opensyscom.fr/Actualites/wordpress-plugins-rbx-gallery-multiple-arbitrary-file-upload-vulnerability.html

exchange.xforce.ibmcloud.com/vulnerabilities/76170

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8 High

AI Score

Confidence

Low

0.099 Low

EPSS

Percentile

94.9%

JSON

Related for CVE-2012-3575

wpvulndb1 dsquare1 nvd1 patchstack1 prion1 cvelist1