Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:31171
HistoryOct 14, 2014 - 12:00 a.m.

WordPress Slideshow Gallery 1.4.6 Shell Upload Vulnerability (CVE-2014-5460)

2014-10-1400:00:00
vulners.com
18

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> I found a serious security vulnerability in the Slideshow Gallery
> plugin. This bug allows an attacker to upload any php file remotely to
> the vulnerable website (administrator by default).
>
> I have tested and verified that having the current version of the
> plugin installed in a WordPress installation will allow any registered
> user (Administrator, Editor, Author, Contributor and Subscriber), to
> upload a PHP shell to exploit the host system.
>
> Today (2014-08-29), I did the notification to vendor and they gave me
> feedback about the vulnerability by email. The vendor has released a
> patch a few hours ago. (SlideShow Gallery version 1.4.7 at
> https://wordpress.org/plugins/slideshow-gallery/changelog).

> 1.4.7
> FIX: Possible shell exploit by uploading PHP file as slide

> POST http://192.168.31.128/wordpress/wp-admin/admin.php?page=slideshow-slides&method=save
> Content-Type: multipart/form-data
>
> WordPress Slideshow Gallery plugin version 1.4.6 suffers from a remote shell upload vulnerability.
> @jesusrpichardo
> @whitexploit
> http://whitexploit.blogspot.mx/
> Vendor Homepage: http://tribulant.com/
> Software Link: http://downloads.wordpress.org/plugin/slideshow-gallery.1.4.6.zip

Use CVE-2014-5460.


CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJUAUSGAAoJEKllVAevmvmsfgsH/1wdmz8/fK6/c5esD/XchVeZ
+PNY6HY4w6Aq37s+QzGJilwK+/lhPIkpQbwlF1dhqTXhRY1B2M12EWjkZiewtha8
0Tmm0AT/itJpt0IIGQc5xKDz3ftFqwIjvnFRTu+UPGPpnL+FA+Kfsl8gi+dFbpyS
HHkccUv793w39x2s8ynnBxtzPjHKKhCmya68cB2hAzHgmfg8rV/ydgxAgi1Kb3Kc
2TeK5LZ2iMPijXqBmrMd8IaGmf49FElpKBAx1tj9fPDTgepMKQxSOk5g+cnzZ/Zm
k6DcZmxPmwuJUBDJdsWkVVxJsP8ofmMdH1yMiHqLLGYxtvlItfOb8FHCbhcCKAE=
=Xmvx
-----END PGP SIGNATURE-----