CVE-2015-1375

2015-01-2811:59:00

CWE-264

[email protected]

web.nvd.nist.gov

pixabay images

wordpress

cve-2015-1375

security vulnerability

file upload

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.181 Low

EPSS

Percentile

96.2%

JSON

pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not properly restrict access to the upload functionality, which allows remote attackers to write to arbitrary files.

Affected configurations

NVD

Node

pixabay_images_projectpixabay_imagesRange≤2.3wordpress

CPENameOperatorVersion
pixabay_images_project:pixabay_imagespixabay images project pixabay imagesle2.3

CPE	Name	Operator	Version
pixabay_images_project:pixabay_images	pixabay images project pixabay images	le	2.3

References

packetstormsecurity.com/files/130017/WordPress-Pixarbay-Images-2.3-XSS-Bypass-Upload-Traversal.html

seclists.org/fulldisclosure/2015/Jan/75

www.exploit-db.com/exploits/35846

www.openwall.com/lists/oss-security/2015/01/25/5

www.osvdb.org/117146

www.securityfocus.com/archive/1/534505/100/0/threaded

plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=1067992%40pixabay-images%2Ftrunk%2Fpixabay-images.php&old=926633%40pixabay-images%2Ftrunk%2Fpixabay-images.php