Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-1375

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2015-1375
Last Modified 28 Jan 2015 11:50:58
Published 28 Jan 2015 06:59:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2015-1375

Summary

pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not properly restrict access to the upload functionality, which allows remote attackers to write to arbitrary files.

Vulnerable Systems

Application

  • Pixabay Images Project Pixabay Images 2.3


References

CONFIRM - https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=1067992%40pixabay-images%2Ftrunk%2Fpixabay-images.php&old=926633%40pixabay-images%2Ftrunk%2Fpixabay-images.php

BUGTRAQ - 20150119 MSA-2015-01: Wordpress Plugin Pixabay Images Multiple Vulnerabilities

OSVDB - 117146

MLIST - [oss-security] 20150125 CVE request: MSA-2015-01: Wordpress Plugin Pixabay Images Multiple Vulnerabilities

EXPLOIT-DB - 35846

FULLDISC - 20150120 MSA-2015-01: Wordpress Plugin Pixabay Images Multiple Vulnerabilities

MISC - http://packetstormsecurity.com/files/130017/WordPress-Pixarbay-Images-2.3-XSS-Bypass-Upload-Traversal.html


Last Updated: 27 May 2016 11:07:38