Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.0
CVE Id: CVE-2015-1376
Last Modified: 28 Jan 2015 12:05:38
Published: 28 Jan 2015 06:59:07
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE

CVE-2015-1376

Summary

pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not validate hostnames, which allows remote authenticated users to write to arbitrary files via an upload URL with a host other than pixabay.com.

Vulnerable Systems

Application

  • Pixabay Images Project Pixabay Images 2.3


References

CONFIRM - https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=1067992%40pixabay-images%2Ftrunk%2Fpixabay-images.php&old=926633%40pixabay-images%2Ftrunk%2Fpixabay-images.php

BUGTRAQ - 20150119 MSA-2015-01: Wordpress Plugin Pixabay Images Multiple Vulnerabilities

MLIST - [oss-security] 20150125 CVE request: MSA-2015-01: Wordpress Plugin Pixabay Images Multiple Vulnerabilities

EXPLOIT-DB - 35846

FULLDISC - 20150120 MSA-2015-01: Wordpress Plugin Pixabay Images Multiple Vulnerabilities

MISC - http://packetstormsecurity.com/files/130017/WordPress-Pixarbay-Images-2.3-XSS-Bypass-Upload-Traversal.html


Last Updated: 27 May 2016 11:07:38