Bugtraq mailing list archives
WordPress Slideshow Gallery 1.4.6 Shell Upload Vulnerability (CVE-2014-5460)
From: jesus.ramirez.pichardo () gmail com
Date: Sat, 30 Aug 2014 14:19:34 GMT
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
I found a serious security vulnerability in the Slideshow Gallery plugin. This bug allows an attacker to upload any php file remotely to the vulnerable website (administrator by default). I have tested and verified that having the current version of the plugin installed in a WordPress installation will allow any registered user (Administrator, Editor, Author, Contributor and Subscriber), to upload a PHP shell to exploit the host system. Today (2014-08-29), I did the notification to vendor and they gave me feedback about the vulnerability by email. The vendor has released a patch a few hours ago. (SlideShow Gallery version 1.4.7 at https://wordpress.org/plugins/slideshow-gallery/changelog).
1.4.7 FIX: Possible shell exploit by uploading PHP file as slide
POST http://192.168.31.128/wordpress/wp-admin/admin.php?page=slideshow-slides&method=save Content-Type: multipart/form-data WordPress Slideshow Gallery plugin version 1.4.6 suffers from a remote shell upload vulnerability. @jesusrpichardo @whitexploit http://whitexploit.blogspot.mx/ Vendor Homepage: http://tribulant.com/ Software Link: http://downloads.wordpress.org/plugin/slideshow-gallery.1.4.6.zip
Use CVE-2014-5460. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJUAUSGAAoJEKllVAevmvmsfgsH/1wdmz8/fK6/c5esD/XchVeZ +PNY6HY4w6Aq37s+QzGJilwK+/lhPIkpQbwlF1dhqTXhRY1B2M12EWjkZiewtha8 0Tmm0AT/itJpt0IIGQc5xKDz3ftFqwIjvnFRTu+UPGPpnL+FA+Kfsl8gi+dFbpyS HHkccUv793w39x2s8ynnBxtzPjHKKhCmya68cB2hAzHgmfg8rV/ydgxAgi1Kb3Kc 2TeK5LZ2iMPijXqBmrMd8IaGmf49FElpKBAx1tj9fPDTgepMKQxSOk5g+cnzZ/Zm k6DcZmxPmwuJUBDJdsWkVVxJsP8ofmMdH1yMiHqLLGYxtvlItfOb8FHCbhcCKAE= =Xmvx -----END PGP SIGNATURE-----
Current thread:
- WordPress Slideshow Gallery 1.4.6 Shell Upload Vulnerability (CVE-2014-5460) jesus . ramirez . pichardo (Sep 01)
- <Possible follow-ups>
- WordPress Slideshow Gallery 1.4.6 Shell Upload Vulnerability (CVE-2014-5460) jesus . ramirez . pichardo (Sep 01)