Lucene search
PRIOn knowledge basePRION:CVE-2015-1376HistoryJan 28, 2015 - 11:59 a.m.
Code injection
2015-01-2811:59:00
PRIOn knowledge base
www.prio-n.com
5
pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not validate hostnames, which allows remote authenticated users to write to arbitrary files via an upload URL with a host other than pixabay.com.
| CPE | Name | Operator | Version |
|---|---|---|---|
| pixabay_images | le | 2.3 |
References
packetstormsecurity.com/files/130017/WordPress-Pixarbay-Images-2.3-XSS-Bypass-Upload-Traversal.html
seclists.org/fulldisclosure/2015/Jan/75
www.openwall.com/lists/oss-security/2015/01/25/5
www.securityfocus.com/archive/1/534505/100/0/threaded
plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=1067992%40pixabay-images%2Ftrunk%2Fpixabay-images.php&old=926633%40pixabay-images%2Ftrunk%2Fpixabay-images.php
www.exploit-db.com/exploits/35846
Related
nvd
nvd
CVE-2015-1376
2015-01-28 11:59:07
cvelist
cvelist
CVE-2015-1376
2015-01-28 11:00:00
cve
cve
CVE-2015-1376
2015-01-28 11:59:07
wpvulndb
wpvulndb
Pixabay Images <= 2.3 - Multiple Vulnerabilities (RCE, XSS, ...)
2015-02-04 00:00:00