Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-1365

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2015-1365
Last Modified 29 Jan 2015 09:59:10
Published 27 Jan 2015 03:04:21
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2015-1365

Summary

Directory traversal vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to write to arbitrary files via a .. (dot dot) in the q parameter.

Vulnerable Systems

Application

  • Pixabay Images Project Pixabay Images 2.3


References

CONFIRM - https://wordpress.org/plugins/pixabay-images/changelog/

MISC - https://www.mogwaisecurity.de/advisories/MSA-2015-01.txt

CONFIRM - https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=1067992%40pixabay-images%2Ftrunk%2Fpixabay-images.php&old=926633%40pixabay-images%2Ftrunk%2Fpixabay-images.php

XF - pixarbay-wordpress-q-dir-traversal(100036)

BUGTRAQ - 20150119 MSA-2015-01: Wordpress Plugin Pixabay Images Multiple Vulnerabilities

EXPLOIT-DB - 35846

FULLDISC - 20150120 MSA-2015-01: Wordpress Plugin Pixabay Images Multiple Vulnerabilities

MISC - http://packetstormsecurity.com/files/130017/WordPress-Pixarbay-Images-2.3-XSS-Bypass-Upload-Traversal.html

OSVDB - 117147

MLIST - [oss-security] 20150125 CVE request: MSA-2015-01: Wordpress Plugin Pixabay Images Multiple Vulnerabilities


Last Updated: 27 May 2016 11:07:38