Arbitrary Directory Creation in Powerplay Gallery Plugin by WordPress
CVE-2015-5682

7.5HIGH

Key Information:

Vendor: Wordpress
Status: Powerplay Gallery
Vendor: CVE Published:; 23 May 2017

Summary

The Powerplay Gallery plugin 3.3 for WordPress contains a vulnerability in its upload.php file that enables remote attackers to create arbitrary directories. This is achieved through manipulation of the targetDir variable, which may allow unauthorized access and potential execution of malicious files on the server. Proper validation and sanitization measures are essential to mitigate this security risk.

References

http://www.vapid.dhs.org/advisory.php?v=132

x_refsource_MISC

http://www.openwall.com/lists/oss-security/2015/07/27/8

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 23, 2017
Vulnerability Reserved
Jul 27, 2015