CVE-2015-1375

pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not properly restrict access to the upload functionality, which allows remote attackers to write to arbitrary files.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://packetstormsecurity.com/files/130017/WordPress-Pixarbay-Images-2.3-XSS-Bypass-Upload-Traversal.html	Exploit
http://seclists.org/fulldisclosure/2015/Jan/75	Exploit
http://www.exploit-db.com/exploits/35846	Exploit
http://www.openwall.com/lists/oss-security/2015/01/25/5
http://www.osvdb.org/117146
http://www.securityfocus.com/archive/1/534505/100/0/threaded
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=1067992%40pixabay-images%2Ftrunk%2Fpixabay-images.php&old=926633%40pixabay-images%2Ftrunk%2Fpixabay-images.php

Configurations

Configuration 1 (hide)

cpe:2.3:a:pixabay_images_project:pixabay_images:*:*:*:*:*:wordpress:*:*

History

No history.

Information

Published : 2015-01-28 11:59

Updated : 2024-02-28 12:20

NVD link : CVE-2015-1375

Mitre link : CVE-2015-1375

CVE.ORG link : CVE-2015-1375

JSON object : View

Products Affected

pixabay_images_project

pixabay_images

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2015-1375", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-01-28T11:59:00.040", "references": [{"url": "http://packetstormsecurity.com/files/130017/WordPress-Pixarbay-Images-2.3-XSS-Bypass-Upload-Traversal.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://seclists.org/fulldisclosure/2015/Jan/75", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.exploit-db.com/exploits/35846", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2015/01/25/5", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/117146", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/534505/100/0/threaded", "source": "cve@mitre.org"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=1067992%40pixabay-images%2Ftrunk%2Fpixabay-images.php&old=926633%40pixabay-images%2Ftrunk%2Fpixabay-images.php", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not properly restrict access to the upload functionality, which allows remote attackers to write to arbitrary files."}, {"lang": "es", "value": "pixabay-images.php en el plugin Pixabay Images anterior a 2.4 para WordPress no restringe correctamente el acceso a la funcionalidad de subida, lo que permite a atacantes remotos escribir a ficheros arbitrarios."}], "lastModified": "2018-10-09T19:55:48.513", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pixabay_images_project:pixabay_images:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "65CE719E-3DE5-4CCE-BD69-3BFFC0A862FB", "versionEndIncluding": "2.3"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}