[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

WordPress Slideshow Gallery 1.4.6 Shell Upload Vulnerability (CVE-2014-5460)



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> I found a serious security vulnerability in the Slideshow Gallery
> plugin. This bug allows an attacker to upload any php file remotely to
> the vulnerable website (administrator by default).
>
> I have tested and verified that having the current version of the
> plugin installed in a WordPress installation will allow any registered
> user (Administrator, Editor, Author, Contributor and Subscriber), to
> upload a PHP shell to exploit the host system.
>
> Today (2014-08-29), I did the notification to vendor and they gave me
> feedback about the vulnerability by email. The vendor has released a
> patch a few hours ago. (SlideShow Gallery version 1.4.7 at
> https://wordpress.org/plugins/slideshow-gallery/changelog).

> 1.4.7
>  FIX: Possible shell exploit by uploading PHP file as slide

> POST http://192.168.31.128/wordpress/wp-admin/admin.php?page=slideshow-slides&method=save
> Content-Type: multipart/form-data
>
> WordPress Slideshow Gallery plugin version 1.4.6 suffers from a remote shell upload vulnerability.
>  @jesusrpichardo
>  @whitexploit
>  http://whitexploit.blogspot.mx/
> Vendor Homepage: http://tribulant.com/
> Software Link: http://downloads.wordpress.org/plugin/slideshow-gallery.1.4.6.zip

Use CVE-2014-5460.

- --
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJUAUSGAAoJEKllVAevmvmsfgsH/1wdmz8/fK6/c5esD/XchVeZ
+PNY6HY4w6Aq37s+QzGJilwK+/lhPIkpQbwlF1dhqTXhRY1B2M12EWjkZiewtha8
0Tmm0AT/itJpt0IIGQc5xKDz3ftFqwIjvnFRTu+UPGPpnL+FA+Kfsl8gi+dFbpyS
HHkccUv793w39x2s8ynnBxtzPjHKKhCmya68cB2hAzHgmfg8rV/ydgxAgi1Kb3Kc
2TeK5LZ2iMPijXqBmrMd8IaGmf49FElpKBAx1tj9fPDTgepMKQxSOk5g+cnzZ/Zm
k6DcZmxPmwuJUBDJdsWkVVxJsP8ofmMdH1yMiHqLLGYxtvlItfOb8FHCbhcCKAE=
=Xmvx
-----END PGP SIGNATURE-----