HTTP: WordPress Plugin Arbitrary Image Upload
This signature detects an attempt to exploit a known vulnerability in WordPress Plugin base. Successful exploitation could allow an attacker to execute arbitrary files and launch further RFI based attacks into the context of the web application.
Extended Description
Unrestricted file upload vulnerability in frames/upload-images.php in the Complete Gallery Manager plugin before 3.3.4 rev40279 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/[year]/[month]/.
Affected Products
Envato complete_gallery_manager_plugin
References
CVE: CVE-2013-5962
Short Name
HTTP:MISC:WP-IMG-UPLOAD
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Arbitrary CVE-2013-5962 Image Plugin Upload WordPress
Release Date
09/18/2014
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3761
False Positive
Unknown
Vendors
Envato
CVSS Score
5.1