Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.103790
Category:Web application abuses
Title:WordPress Plugin Complete Gallery Manager 3.3.3 - Arbitrary File Upload Vulnerability
Summary:WordPress Complete Gallery Manager plugin is prone to a vulnerability; that lets attackers upload arbitrary files. The issue occurs because the application; fails to adequately sanitize user-supplied input.
Description:Summary:
WordPress Complete Gallery Manager plugin is prone to a vulnerability
that lets attackers upload arbitrary files. The issue occurs because the application
fails to adequately sanitize user-supplied input.

Vulnerability Insight:
The vulnerability is located in the
/plugins/complete-gallery-manager/frames/ path when processing to upload via the
upload-images.php file own malicious context or webshells. After the upload the
remote attacker can access the file with one extension and exchange it with the
other one to execute for example php codes.

Vulnerability Impact:
An attacker can exploit this vulnerability to upload arbitrary code
and run it in the context of the webserver process. This may facilitate unauthorized
access or privilege escalation. Other attacks are also possible.

Affected Software/OS:
WordPress Complete Gallery Manager v3.3.3

Solution:
Vendor updates are available.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

CopyrightCopyright (C) 2013 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.