#VU15398 Arbitrary file upload in Slideshow Gallery - CVE-2014-5460

Cybersecurity Help s.r.o.

Published: 2018-10-17

Vulnerability identifier: #VU15398

Vulnerability risk: Medium

CVSSv4.0: 8.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Green]

CVE-ID: CVE-2014-5460

CWE-ID: CWE-434

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
Slideshow Gallery
Web applications / Modules and components for CMS

Vendor: Tribulant Software

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to insufficient validation of uploading files in wp-content/uploads/slideshow-gallery/. A remote authenticated user can upload and execute arbitrary PHP file on the server.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Slideshow Gallery: 1.4.1 - 1.4.6

External links
https://packetstormsecurity.com/files/128069/WordPress-Slideshow-Gallery-1.4.6-Shell-Upload.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.

Latest bulletins with this vulnerability

Arbitrary file upload in Tribulant Slideshow Gallery plugin for WordPress

Arbitrary file upload in Slideshow Gallery for WordPress