Lucene search
Alexander BorgWPVDB-ID:DD73C962-A565-4053-8CDC-C7D88B2BFAAEHistoryFeb 22, 2015 - 12:00 a.m.
Holding Pattern Theme <= 0.6 - Arbitrary File Upload
2015-02-2200:00:00
Alexander Borg
wpscan.com
4
An attacker can exploit this vulnerability to upload arbitrary PHP code and run it in the context of the Web server process. This may facilitate unauthorized access or privilege escalation. Disclosure timeline: 2015-01-14 Vendor Alerted via email. 2015-01-14 Fix Requested via email. 2015-01-14 Vendor made clear no patch will be available. 2015-01-18 Public disclosure. Currently we are not aware of any official solution for this vulnerability. Product is EOL and no security fixes will be made available. Temporary solution may be to remove the file admin/upload-file.php
| CPE | Name | Operator | Version |
|---|---|---|---|
| holding_pattern | eq | * |
Related
dsquare
dsquare
WordPress Holding Pattern Theme 0.6 File Upload
2015-02-17 00:00:00
securityvulns
securityvulns
CVE-2015-1172 Wordpress-theme remote arbitrary code
2015-02-23 00:00:00
zdt
zdt
WordPress Holding Pattern Theme Arbitrary File Upload Exploit
2015-03-03 00:00:00
Wordpress Theme Holding Pattern Arbitrary File Upload Vulnerability
2015-02-09 00:00:00
cvelist
cvelist
CVE-2015-1172
2015-02-11 19:00:00
checkpoint_advisories
checkpoint_advisories
WordPress Holding Pattern Theme Arbitrary File Upload (CVE-2015-1172)
2015-02-19 00:00:00
patchstack
patchstack
WordPress Holding Pattern Theme <= 0.6 - Unrestricted File Upload
2015-01-17 00:00:00
prion
prion
Unrestricted file upload
2015-02-11 19:59:00
packetstorm
packetstorm
WordPress Holding Pattern Theme Arbitrary File Upload
2015-02-24 00:00:00
cve
cve
CVE-2015-1172
2015-02-11 19:59:00
Related for WPVDB-ID:DD73C962-A565-4053-8CDC-C7D88B2BFAAE