CVE-2014-5324

2014-09-2610:55:04

CWE-94

jpcert

web.nvd.nist.gov

cve-2014-5324

n-media

file uploader

wordpress

vulnerability

unrestricted file upload

php code execution

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

7.4

Confidence

High

EPSS

0.002

Percentile

59.9%

JSON

Unrestricted file upload vulnerability in the N-Media file uploader plugin before 3.4 for WordPress allows remote authenticated users to execute arbitrary PHP code by leveraging Author privileges to store a file.

Affected configurations

Nvd

Node

najeebmedian-media_file_uploaderRange≤3.3wordpress

najeebmedian-media_file_uploaderMatch3.0wordpress

najeebmedian-media_file_uploaderMatch3.1wordpress

najeebmedian-media_file_uploaderMatch3.2wordpress

VendorProductVersionCPE
najeebmedian-media_file_uploader*cpe:2.3:a:najeebmedia:n-media_file_uploader:*:*:*:*:*:wordpress:*:*
najeebmedian-media_file_uploader3.0cpe:2.3:a:najeebmedia:n-media_file_uploader:3.0:*:*:*:*:wordpress:*:*
najeebmedian-media_file_uploader3.1cpe:2.3:a:najeebmedia:n-media_file_uploader:3.1:*:*:*:*:wordpress:*:*
najeebmedian-media_file_uploader3.2cpe:2.3:a:najeebmedia:n-media_file_uploader:3.2:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
najeebmedia	n-media_file_uploader	*	cpe:2.3:a:najeebmedia:n-media_file_uploader::::::wordpress::*
najeebmedia	n-media_file_uploader	3.0	cpe:2.3:a:najeebmedia:n-media_file_uploader:3.0:::::wordpress::
najeebmedia	n-media_file_uploader	3.1	cpe:2.3:a:najeebmedia:n-media_file_uploader:3.1:::::wordpress::
najeebmedia	n-media_file_uploader	3.2	cpe:2.3:a:najeebmedia:n-media_file_uploader:3.2:::::wordpress::