Unrestricted File Upload in Complete Gallery Manager Plugin for WordPress
CVE-2013-5962

Currently unrated

Key Information:

Vendor

Wordpress
Status
Complete Gallery Manager Plugin
Vendor
CVE Published:
30 September 2013

What is CVE-2013-5962?

The Complete Gallery Manager plugin for WordPress is susceptible to an unrestricted file upload vulnerability in its upload functionality. This flaw allows remote attackers to upload malicious files by exploiting the 'upload-images.php' script. If successful, the attackers can execute arbitrary code by accessing the uploaded files directly through URL requests, potentially leading to unauthorized actions on the affected server. Users are strongly advised to upgrade to the latest version to mitigate the risk associated with this vulnerability.

References

http://packetstormsecurity.com/files/123303
x_refsource_MISC
http://codecanyon.net/item/complete-gallery-manager-for-w...
x_refsource_CONFIRM
http://www.vulnerability-lab.com/get_content.php?id=1080
x_refsource_MISC

EPSS Score

29% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.