CVE

Id
82958  
CVE No.
CVE-2015-5681  
Status
Candidate  
Description
Unrestricted file upload vulnerability in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in *_uploadfolder/big/.  
Phase
Assigned (20150727)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
741532 82958 CVE-2015-5681 FULLDISC:20150713 Remote file upload vulnerability & SQLi in wordpress plugin wp-powerplaygallery v3.3  View
741533 82958 CVE-2015-5681 URL:http://seclists.org/fulldisclosure/2015/Jul/64  View
741534 82958 CVE-2015-5681 MLIST:[oss-security] 20150720 Re: Remote file upload vulnerability & SQLi in wordpress plugin wp-powerplaygallery v3.3  View
741535 82958 CVE-2015-5681 URL:http://www.openwall.com/lists/oss-security/2015/07/20/1  View
741536 82958 CVE-2015-5681 MLIST:[oss-security] 20150727 Re: Remote file upload vulnerability & SQLi in wordpress plugin wp-powerplaygallery v3.3  View
741537 82958 CVE-2015-5681 URL:http://www.openwall.com/lists/oss-security/2015/07/27/8  View
741538 82958 CVE-2015-5681 MISC:http://packetstormsecurity.com/files/132671/WordPress-WP-PowerPlayGallery-3.3-File-Upload-SQL-Injection.html  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
10465 JVNDB-2015-005785 WordPress の wp-admin/js/nav-menu.js の refreshAdvancedAccessibilityOfItem 関数におけるクロスサイトスクリプティングの脆弱性 WordPress の wp-admin/js/nav-menu.js の refreshAdvancedAccessibilityOfItem 関数には、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2015-5733 82958 4.3 http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-005785.html  View