Lucene search

[email protected]CVE-2015-4133

HistoryMay 28, 2015 - 2:59 p.m.

CVE-2015-4133

2015-05-2814:59:10

[email protected]

web.nvd.nist.gov

cve-2015-4133

file upload vulnerability

reflex gallery

wordpress

remote code execution

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8 High

AI Score

Confidence

Low

0.833 High

EPSS

Percentile

98.5%

JSON

Unrestricted file upload vulnerability in admin/scripts/FileUploader/php.php in the ReFlex Gallery plugin before 3.1.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in uploads/ directory.

Affected configurations

NVD

Node

reflex_gallery_projectreflex_galleryRange≤3.1.3wordpress

CPENameOperatorVersion
reflex_gallery_project:reflex_galleryreflex gallery project reflex galleryle3.1.3

CPE	Name	Operator	Version
reflex_gallery_project:reflex_gallery	reflex gallery project reflex gallery	le	3.1.3

References

osvdb.org/show/osvdb/88853

packetstormsecurity.com/files/130845/

packetstormsecurity.com/files/131515/

www.securityfocus.com/bid/57100

wordpress.org/plugins/reflex-gallery/changelog/

wpvulndb.com/vulnerabilities/7867

www.exploit-db.com/exploits/36809/

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8 High

AI Score

Confidence

Low

0.833 High

EPSS

Percentile

98.5%

JSON

Related for CVE-2015-4133

prion1 wpvulndb1 cvelist1 nvd1 patchstack1