ID CVE-2013-5962
Summary Unrestricted file upload vulnerability in frames/upload-images.php in the Complete Gallery Manager plugin before 3.3.4 rev40279 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/[year]/[month]/. Per: http://cwe.mitre.org/data/definitions/434.html 'CWE-434: Unrestricted Upload of File with Dangerous Type'
References
Vulnerable Configurations
  • cpe:2.3:a:envato:complete_gallery_manager_plugin:1.0.0:rev25273:*:*:*:*:*:*
  • cpe:2.3:a:envato:complete_gallery_manager_plugin:1.0.1:rev25421:*:*:*:*:*:*
  • cpe:2.3:a:envato:complete_gallery_manager_plugin:1.0.2:rev25487:*:*:*:*:*:*
  • cpe:2.3:a:envato:complete_gallery_manager_plugin:2.0.0:rev27524:*:*:*:*:*:*
  • cpe:2.3:a:envato:complete_gallery_manager_plugin:2.0.1:rev27876:*:*:*:*:*:*
  • cpe:2.3:a:envato:complete_gallery_manager_plugin:2.0.2:rev28693:*:*:*:*:*:*
  • cpe:2.3:a:envato:complete_gallery_manager_plugin:2.0.3:rev28734:*:*:*:*:*:*
  • cpe:2.3:a:envato:complete_gallery_manager_plugin:3.0.0:rev29469:*:*:*:*:*:*
  • cpe:2.3:a:envato:complete_gallery_manager_plugin:3.0.1:rev29536:*:*:*:*:*:*
  • cpe:2.3:a:envato:complete_gallery_manager_plugin:3.1.0:rev30003:*:*:*:*:*:*
  • cpe:2.3:a:envato:complete_gallery_manager_plugin:3.1.1:rev30900:*:*:*:*:*:*
  • cpe:2.3:a:envato:complete_gallery_manager_plugin:3.2.0:rev31030:*:*:*:*:*:*
  • cpe:2.3:a:envato:complete_gallery_manager_plugin:3.2.1:rev33197:*:*:*:*:*:*
  • cpe:2.3:a:envato:complete_gallery_manager_plugin:3.2.2:rev33971:*:*:*:*:*:*
  • cpe:2.3:a:envato:complete_gallery_manager_plugin:3.2.3:rev34390:*:*:*:*:*:*
  • cpe:2.3:a:envato:complete_gallery_manager_plugin:3.2.4:rev34757:*:*:*:*:*:*
  • cpe:2.3:a:envato:complete_gallery_manager_plugin:3.2.5:rev34942:*:*:*:*:*:*
  • cpe:2.3:a:envato:complete_gallery_manager_plugin:3.2.6:rev36235:*:*:*:*:*:*
  • cpe:2.3:a:envato:complete_gallery_manager_plugin:3.2.7:rev36257:*:*:*:*:*:*
  • cpe:2.3:a:envato:complete_gallery_manager_plugin:3.2.8:rev36369:*:*:*:*:*:*
  • cpe:2.3:a:envato:complete_gallery_manager_plugin:3.3.0:rev36620:*:*:*:*:*:*
  • cpe:2.3:a:envato:complete_gallery_manager_plugin:3.3.1:rev38906:*:*:*:*:*:*
  • cpe:2.3:a:envato:complete_gallery_manager_plugin:3.3.2:rev39009:*:*:*:*:*:*
  • cpe:2.3:a:envato:complete_gallery_manager_plugin:3.3.3:rev39177:*:*:*:*:*:*
CVSS
Base: 5.1 (as of 29-08-2017 - 01:33)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  Vector: NETWORK
  Complexity: HIGH
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: PARTIAL
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:P/A:P
refmap via4
bugtraq 20130918 Wordpress Plugin Complete Gallery Manager 3.3.3 - Arbitrary File Upload Vulnerability
confirm http://codecanyon.net/item/complete-gallery-manager-for-wordpress/2418606
exploit-db 28377
misc
secunia 54894
xf completegallery-uploadimages-file-upload(87172)
Last major update 29-08-2017 - 01:33
Published 30-09-2013 - 22:55
Last modified 29-08-2017 - 01:33