CVE-2014-5460 – Wordpress SlideShow Gallery Authenticated File Upload

https://notcve.org/view.php?id=CVE-2014-5460

Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin before 1.4.7 for WordPress allows remote authenticated users to execute arbitrary code by uploading a PHP file, then accessing it via a direct request to the file in wp-content/uploads/slideshow-gallery/. Vulnerabilidad de la subida de ficheros sin restricciones en el plugin Tribulant Slideshow Gallery anterior a 1.4.7 para WordPress permite a usuarios remotos autenticados ejecutar código arbitrario mediante la subida de un fichero PHP, posteriormente accediendo a ello a través de una solicitud directa al fichero en wp-content/uploads/slideshow-gallery/. The WordPress SlideShow Gallery plugin contains an authenticated file upload vulnerability. You can upload arbitrary files to the upload folder, because the plugin also uses it's own file upload mechanism instead of the WordPress API it's possible to upload any file type. • https://www.exploit-db.com/exploits/34681 https://www.exploit-db.com/exploits/34514 https://github.com/brookeses69/CVE-2014-5460 http://packetstormsecurity.com/files/128069/WordPress-Slideshow-Gallery-1.4.6-Shell-Upload.html http://secunia.com/advisories/60074 http://whitexploit.blogspot.mx/2014/08/wordpress-slideshow-gallery-146-shell.html http://www.exploit-db.com/exploits/34514 http://www.exploit-db.com/exploits/34681 http://www.securityfocus.com/archive/1/533281/100/0/threaded& • CWE-20: Improper Input Validation CWE-434: Unrestricted Upload of File with Dangerous Type •