Lucene search
MitreCVELIST:CVE-2015-1376HistoryJan 28, 2015 - 11:00 a.m.
CVE-2015-1376
2015-01-2811:00:00
mitre
www.cve.org
pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not validate hostnames, which allows remote authenticated users to write to arbitrary files via an upload URL with a host other than pixabay.com.
References
packetstormsecurity.com/files/130017/WordPress-Pixarbay-Images-2.3-XSS-Bypass-Upload-Traversal.html
seclists.org/fulldisclosure/2015/Jan/75
www.exploit-db.com/exploits/35846
www.openwall.com/lists/oss-security/2015/01/25/5
www.securityfocus.com/archive/1/534505/100/0/threaded
plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=1067992%40pixabay-images%2Ftrunk%2Fpixabay-images.php&old=926633%40pixabay-images%2Ftrunk%2Fpixabay-images.php
Related
nvd
nvd
CVE-2015-1376
2015-01-28 11:59:07
prion
prion
Code injection
2015-01-28 11:59:00
cve
cve
CVE-2015-1376
2015-01-28 11:59:07
wpvulndb
wpvulndb
Pixabay Images <= 2.3 - Multiple Vulnerabilities (RCE, XSS, ...)
2015-02-04 00:00:00