CVE-2015-4133

2015-05-28T14:59:00
ID CVE-2015-4133
Type cve
Reporter cve@mitre.org
Modified 2016-11-28T19:27:00

Description

Unrestricted file upload vulnerability in admin/scripts/FileUploader/php.php in the ReFlex Gallery plugin before 3.1.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in uploads/ directory. <a href="http://cwe.mitre.org/data/definitions/434.html">CWE-434: Unrestricted Upload of File with Dangerous Type</a>