BID:69485

WordPress Slideshow Gallery Plugin 'admin.php' Arbitrary File Upload Vulnerability

Info

WordPress Slideshow Gallery Plugin 'admin.php' Arbitrary File Upload Vulnerability

Bugtraq ID:	69485
Class:	Input Validation Error
CVE:	CVE-2014-5460
Remote:	Yes
Local:	No
Published:	Aug 30 2014 12:00AM
Updated:	Aug 30 2014 12:00AM
Credit:	Jesús Ramírez Pichardo
Vulnerable:	Tribulant Software Slideshow Gallery 1.4.6

Not Vulnerable:	Tribulant Software Slideshow Gallery 1.4.7

Discussion

WordPress Slideshow Gallery Plugin 'admin.php' Arbitrary File Upload Vulnerability

The Slideshow Gallery plugin for WordPress is prone to an arbitrary file-upload vulnerability because the application fails to adequately sanitize user-supplied input.

An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the vulnerable application.

Slideshow Gallery 1.4.6 is vulnerable; other versions may also be affected.

Exploit / POC

WordPress Slideshow Gallery Plugin 'admin.php' Arbitrary File Upload Vulnerability

Attackers can exploit this issue through a browser and readily available tools.

References

WordPress Slideshow Gallery Plugin 'admin.php' Arbitrary File Upload Vulnerability

References:

Slideshow Gallery Changelog (WordPress)
Slideshow Gallery Homepage (Tribulant Software)
WordPress HomePage (WordPress)
WordPress Slideshow Gallery 1.4.6 Shell Upload Vulnerability (CVE-2014-5460) (jesus)