CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2015-5682 – Powerplay Gallery <= 3.3 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2015-5682
01 Jul 2015 — upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote attackers to create arbitrary directories via vectors related to the targetDir variable. El plugin Powerplay Gallery 3.3 para WordPress presenta una vulnerabilidad en el archivo Upload.php, que permite a atacantes remotos crear directorios arbitrarios a través de vectores relacionados con la variable targetDir. • http://www.openwall.com/lists/oss-security/2015/07/27/8 • CWE-264: Permissions, Privileges, and Access Controls CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 4CVE-2015-5599 – Powerplay Gallery <= 3.3 - SQL Injection
https://notcve.org/view.php?id=CVE-2015-5599
27 Jun 2015 — Multiple SQL injection vulnerabilities in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) albumid or (2) name parameter. Vulnerabilidad de inyección SQL múltiple en upload.php en el plugin Powerplay Gallery 3.3 para WordPress, permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de un parámetro (1) albumid o (2) nombre. • http://packetstormsecurity.com/files/132671/WordPress-WP-PowerPlayGallery-3.3-File-Upload-SQL-Injection.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •