WordPress Tribulant Slideshow Gallery Plugin Arbitrary File Upload Vulnerability

Description
Jesus Ramirez Pichardo has reported a vulnerability in the Tribulant Slideshow Gallery plugin for WordPress, which can be exploited by malicious users to compromise a vulnerable system.
The vulnerability is caused by the application not properly validating uploaded file types when handling slides, which can be exploited to upload and execute arbitrary PHP code.
Successful exploitation of this vulnerability requires "Manage Slides" privileges.
The vulnerability is reported in versions prior to 1.4.7.
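The description above names the root cause class (uploaded file types not validated) without showing what adequate validation of an image slide looks like. The following is an added example, not code from the Tribulant plugin or from the advisory: a weak upload check that trusts the client-supplied filename and Content-Type, beside a hardened check that enforces a single allowlisted extension, confirms the image magic bytes agree with it, rejects bodies carrying a PHP open tag, and stores the file under a server-chosen name. The filenames, byte strings, function names and the `MAGIC` table are constructed for illustration and are assumptions, not the plugin's behaviour.

```python
"""Added example (not the Tribulant plugin's code): a weak image-upload
check beside a hardened one. All sample inputs below are constructed."""
import os
import re
import secrets

ALLOWED_EXT = {"jpg", "jpeg", "png", "gif"}

# Leading bytes of the image formats a slideshow would accept (assumed set).
MAGIC = {
    b"\xff\xd8\xff": "jpg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}

# Server-side script markers that must never reach a path the web server
# could hand to the PHP interpreter.
SCRIPT_MARKERS = (b"<?php", b"<?=", b'<script language="php"')

# Exactly one extension, no path separators, no second dot.
_NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,64}\.([A-Za-z0-9]{1,5})")


def weak_is_allowed(filename: str, client_mime: str) -> bool:
    """Weak check: trusts the client's Content-Type and only looks for an
    image extension *somewhere* in the name, so 'slide.jpg.php' sent as
    image/jpeg passes."""
    has_image_ext = any(f".{e}" in filename.lower() for e in ALLOWED_EXT)
    return client_mime.startswith("image/") and has_image_ext


def sniff_image_type(data: bytes):
    """Return the image type implied by the leading bytes, or None."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return None


def hardened_validate(filename: str, data: bytes):
    """Return the canonical extension the file may be stored under, or None.

    Checks: one allowlisted extension, magic bytes consistent with that
    extension, and no PHP open tag anywhere in the body (an image container
    can carry arbitrary trailing bytes, so sniffing alone is not enough)."""
    base = os.path.basename(filename.replace("\\", "/"))
    m = _NAME_RE.fullmatch(base)
    if m is None:
        return None
    ext = m.group(1).lower()
    if ext not in ALLOWED_EXT:
        return None
    kind = sniff_image_type(data)
    if kind is None:
        return None
    expected = {"jpg", "jpeg"} if kind == "jpg" else {kind}
    if ext not in expected:
        return None
    if any(marker in data for marker in SCRIPT_MARKERS):
        return None
    return "jpg" if kind == "jpg" else kind


def storage_name(ext: str) -> str:
    """Server-chosen name: the client never controls the stored filename."""
    return f"{secrets.token_hex(16)}.{ext}"


# Constructed sample inputs.
JPEG_BYTES = b"\xff\xd8\xff\xe0" + b"\x00" * 32
PHP_BYTES = b"<?php echo 'x'; ?>"
GIF_POLYGLOT = b"GIF89a" + b"\x00" * 8 + b"<?php echo 'x'; ?>"

if __name__ == "__main__":
    print(weak_is_allowed("slide.jpg.php", "image/jpeg"))  # True: weak check fooled
    print(hardened_validate("slide.jpg.php", JPEG_BYTES))   # None
    print(hardened_validate("slide.jpg", JPEG_BYTES))       # jpg
    print(hardened_validate("slide.gif", GIF_POLYGLOT))     # None
    print(storage_name(hardened_validate("slide.jpg", JPEG_BYTES)))
```

The validator is only half of the mitigation: the upload directory should additionally be served with script execution disabled (or sit outside the web root), so that even a file that slips past the checks is returned as static data rather than handed to PHP. That is the same property the IPS signature listed below is meant to protect when the application itself does not.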

Vulnerable Products
Vulnerable Software:
WordPress Tribulant Slideshow Gallery Plugin 1.x

Solution
Update to version 1.4.7.

CVE
CVE-2014-5460

References
Tribulant Slideshow Gallery:
https://wordpress.org/plugins/slideshow-gallery/changelog/
Jesus Ramirez Pichardo:
http://whitexploit.blogspot.mx/2014/08/wordpress-slideshow-gallery-146-shell.html

Vulnerability Manager Detection
No

IPS Protection
ASQ Engine alarm: Upload of a PHP file in a vulnerable web application
Available since: 5.0.0

Risk level
Moderate

Vulnerability First Public Report Date
2014-09-08

Target Type
Server

Possible exploit
Remote