Lucene search
Larry W. CashdollarWPVDB-ID:CAC92A37-4643-4603-A42B-8648EC7B7D7EHistoryJun 09, 2015 - 12:00 a.m.
Aviary Image Editor Add-on For Gravity Forms <= 3.0beta - Unauthenticated File Upload
2015-06-0900:00:00
Larry W. Cashdollar
wpscan.com
8
0.559 Medium
EPSS
Percentile
97.7%
There is a remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms/includes/upload.php. An unauthenticated user can upload any file to the system, including PHP files. upload.php does not check that the user is authenticated and a simple POST request will allow arbitrary code to be uploaded to the server.
| CPE | Name | Operator | Version |
|---|---|---|---|
| aviary-image-editor-add-on-for-gravity-forms | eq | * |
Related
packetstorm
packetstorm
WordPress Aviary Image Editor Add On For Gravity Forms 3.0 Beta Shell Upload
2015-06-11 00:00:00
cve
cve
CVE-2015-4455
2017-05-23 04:29:00
zdt
zdt
prion
prion
Unrestricted file upload
2017-05-23 04:29:00
nvd
nvd
CVE-2015-4455
2017-05-23 04:29:00
nuclei
nuclei
patchstack
patchstack
cvelist
cvelist
CVE-2015-4455
2017-05-23 03:56:00