-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> I found a serious security vulnerability in the Slideshow Gallery
> plugin. This bug allows an attacker to upload any PHP file remotely to
> the vulnerable website (administrator by default).
>
> I have tested and verified that having the current version of the
> plugin installed in a WordPress installation will allow any registered
> user (Administrator, Editor, Author, Contributor and Subscriber) to
> upload a PHP shell to exploit the host system.
>
> Today (2014-08-29), I sent the notification to the vendor and they gave me
> feedback about the vulnerability by email. The vendor released a
> patch a few hours ago (SlideShow Gallery version 1.4.7 at
> https://wordpress.org/plugins/slideshow-gallery/changelog).

> 1.4.7
> FIX: Possible shell exploit by uploading PHP file as slide

> POST http://192.168.31.128/wordpress/wp-admin/admin.php?page=slideshow-slides&method=save
> Content-Type: multipart/form-data
>
> WordPress Slideshow Gallery plugin version 1.4.6 suffers from a remote shell upload vulnerability.

> @jesusrpichardo
> @whitexploit
> http://whitexploit.blogspot.mx/

> Vendor Homepage: http://tribulant.com/
> Software Link: http://downloads.wordpress.org/plugin/slideshow-gallery.1.4.6.zip

Use CVE-2014-5460.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJUAUSGAAoJEKllVAevmvmsfgsH/1wdmz8/fK6/c5esD/XchVeZ
+PNY6HY4w6Aq37s+QzGJilwK+/lhPIkpQbwlF1dhqTXhRY1B2M12EWjkZiewtha8
0Tmm0AT/itJpt0IIGQc5xKDz3ftFqwIjvnFRTu+UPGPpnL+FA+Kfsl8gi+dFbpyS
HHkccUv793w39x2s8ynnBxtzPjHKKhCmya68cB2hAzHgmfg8rV/ydgxAgi1Kb3Kc
2TeK5LZ2iMPijXqBmrMd8IaGmf49FElpKBAx1tj9fPDTgepMKQxSOk5g+cnzZ/Zm
k6DcZmxPmwuJUBDJdsWkVVxJsP8ofmMdH1yMiHqLLGYxtvlItfOb8FHCbhcCKAE=
=Xmvx
-----END PGP SIGNATURE-----
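The quoted report describes the classic shape of this bug: a slide "save" handler accepts a multipart upload and stores whatever file the browser sends, so a registered user uploads shell.php and the web server executes it. The changelog entry for 1.4.7 only says the shell upload was fixed, not how. The PHP below is an added example, not the Slideshow Gallery plugin's code or its actual patch, showing the server-side checks such a handler needs before it stores a slide image: an extension allow-list on the client name, a content-type sniff of the bytes on disk rather than the client-supplied type, a decode check, and a randomized storage name. The function names, constants and the constructed sample files are assumptions for illustration.

```php
<?php
// Added example of slide-image upload validation. Not the plugin's code; the
// function names, constants and sample files below are assumptions.
declare(strict_types=1);

// Only these extensions and sniffed MIME types are accepted for a slide image.
const SLIDE_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif'];
const SLIDE_MIME_TYPES = ['image/jpeg', 'image/png', 'image/gif'];

/**
 * Validate an uploaded slide file. Returns null when the file is acceptable,
 * otherwise a short reason. $path is the temporary upload path (what
 * $_FILES['slide']['tmp_name'] would hold in a real handler); $clientName is
 * the filename the browser sent, which must never be trusted for storage.
 */
function validate_slide_upload(string $path, string $clientName): ?string
{
    // 1. Exactly one extension, and it must be on the allow-list. Rejecting
    //    multi-dot names (shell.php.png) sidesteps servers that pick a
    //    handler from a non-final extension.
    $parts = explode('.', basename($clientName));
    if (count($parts) !== 2 || $parts[0] === '') {
        return 'filename must be name.ext with a single extension';
    }
    $ext = strtolower($parts[1]);
    if (!in_array($ext, SLIDE_EXTENSIONS, true)) {
        return "extension .$ext is not an allowed image type";
    }

    // 2. $_FILES[...]['type'] is client-controlled, so sniff the bytes on disk.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime = $finfo->file($path);
    if (!in_array($mime, SLIDE_MIME_TYPES, true)) {
        return "content sniffed as $mime, not an allowed image";
    }

    // 3. The bytes must actually parse as an image, not merely carry a
    //    plausible signature.
    if (@getimagesize($path) === false) {
        return 'file does not decode as an image';
    }
    return null;
}

/**
 * Storage name derived only from the validated extension plus random bytes,
 * so the client never chooses the server-side filename.
 */
function storage_name(string $clientName): string
{
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// --- Demonstration on constructed inputs; no real upload is involved. ---
$tmp = sys_get_temp_dir();

// A minimal valid 1x1 PNG, from its base64 form.
$goodFile = "$tmp/slide_ok.bin";
file_put_contents($goodFile, base64_decode(
    'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg=='
));

// A PHP web shell body, the payload the report describes.
$shellFile = "$tmp/slide_shell.bin";
file_put_contents($shellFile, "<?php system(\$_GET['cmd']); ?>");

$cases = [
    ['slide.png',     $goodFile],   // accepted
    ['shell.php',     $shellFile],  // rejected: extension not allowed
    ['shell.php.png', $shellFile],  // rejected: double extension
    ['shell.png',     $shellFile],  // rejected: content is PHP, not an image
];
foreach ($cases as [$name, $file]) {
    $err = validate_slide_upload($file, $name);
    printf("%-15s => %s\n", $name, $err ?? 'accepted, stored as ' . storage_name($name));
}
unlink($goodFile);
unlink($shellFile);
```

Content validation alone would not have closed the second half of what the report describes: the save handler was reachable by any registered user, down to Subscriber. A WordPress handler for this endpoint must also check the caller's capability with `current_user_can()` (and verify a nonce) before it touches the upload at all; the example above deliberately leaves that authorization check to the calling code.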