CVE-2014-5460 – Slideshow Gallery < 1.4.7 - Arbitrary File Upload

https://notcve.org/view.php?id=CVE-2014-5460

29 Aug 2014 — Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin before 1.4.7 for WordPress allows remote authenticated users to execute arbitrary code by uploading a PHP file, then accessing it via a direct request to the file in wp-content/uploads/slideshow-gallery/. Vulnerabilidad de la subida de ficheros sin restricciones en el plugin Tribulant Slideshow Gallery anterior a 1.4.7 para WordPress permite a usuarios remotos autenticados ejecutar código arbitrario mediante la subida de un fic... • https://packetstorm.news/files/id/128270 • CWE-20: Improper Input Validation CWE-434: Unrestricted Upload of File with Dangerous Type •