Main Vulnerability Database Exploits ID:1723 - Exploit for Arbitrary file upload in Slideshow Gallery - CVE-2014-5460

ID:1723 - Exploit for Arbitrary file upload in Slideshow Gallery - CVE-2014-5460

Published: March 18, 2020

Vulnerability identifier: #VU15398

Vulnerability risk: Medium

CVE-ID: CVE-2014-5460

CWE-ID: CWE-434

Exploitation vector: Remote access

Vulnerable software:
Slideshow Gallery

Link to public exploit:

https://www.rapid7.com/db/modules/exploit/unix/webapp/wp_slideshowgallery_upload

Vulnerability description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to insufficient validation of uploading files in wp-content/uploads/slideshow-gallery/. A remote authenticated user can upload and execute arbitrary PHP file on the server.

Remediation

Install updates from vendor's website.

ID:1723 - Exploit for Arbitrary file upload in Slideshow Gallery - CVE-2014-5460

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human