ThreatPress

WordPress Vulnerabilities Database

WordPress ReFlex Gallery Plugin <= 3.1.3 - Unrestricted File Upload

Product
Reflex Gallery
Description
The vulnerability is in admin/scripts/FileUploader/php.php. It allows an attacker to execute arbitrary PHP code by uploading a file with a PHP extension and then accessing it via a direct request to the file in the uploads/ directory.
Solution
Update the plugin.
Classification
Type: Remote File Inclusion
References
CVE Mitre
CVE
Name: CVE-2015-4133
Versions
Affected In: <= 3.1.3
Fixed In: 3.1.4
Disclosure date
2015-05-28
Credits
Metasploit
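
Detection sketch for the pattern in the Description (a POST to the uploader script followed by a request for a PHP-extension file under uploads/), as an added example that is not part of the original entry or the plugin's code. It assumes common/combined access-log format; the `PLUGIN_DIR` path segment, the IP addresses and the log lines are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, unquote

# Path suffix of the vulnerable uploader, as given in the advisory.
UPLOADER_SUFFIX = "admin/scripts/FileUploader/php.php"
# Extensions commonly mapped to the PHP handler (assumption; match your server config).
PHP_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.IGNORECASE)
# Common/combined log format: ip - - [ts] "METHOD target PROTO" status ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')


def find_upload_then_exec(lines):
    """Return (ip, uploader_path, script_path) for each client that made a
    successful POST to the uploader and later fetched a PHP file in uploads/."""
    uploaded = {}  # ip -> uploader path from a successful POST
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, _ts, method, target, status = m.groups()
        # Decode percent-encoding so an encoded extension does not slip past.
        path = unquote(urlsplit(target).path)
        ok = status.startswith("2")
        if method == "POST" and ok and path.endswith(UPLOADER_SUFFIX):
            uploaded[ip] = path
        elif ok and ip in uploaded and "/uploads/" in path and PHP_EXT.search(path):
            hits.append((ip, uploaded[ip], path))
    return hits


# Constructed sample log lines (not from a real incident).
UPLOADER = "/wp-content/plugins/PLUGIN_DIR/" + UPLOADER_SUFFIX
SAMPLE = [
    f'203.0.113.7 - - [28/May/2015:10:00:01 +0000] "POST {UPLOADER} HTTP/1.1" 200 45',
    '198.51.100.20 - - [28/May/2015:10:00:05 +0000] "GET /wp-content/uploads/2015/05/photo.jpg HTTP/1.1" 200 9120',
    '203.0.113.7 - - [28/May/2015:10:00:09 +0000] "GET /wp-content/uploads/2015/05/example.PHP HTTP/1.1" 200 12',
    '198.51.100.20 - - [28/May/2015:10:00:12 +0000] "GET /wp-content/uploads/2015/05/other.php HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for ip, uploader, script in find_upload_then_exec(SAMPLE):
        print(f"{ip}: POST {uploader} then GET {script}")
```

Correlating by client IP misses cases where the upload and the follow-up request come from different addresses, so any successfully served PHP-extension file under uploads/ is worth reviewing on its own.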