Vulnerabilities > CVE-2013-5962 - Unspecified vulnerability in Envato Complete Gallery Manager Plugin

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
envato
exploit available
NVD
Published: 2013-09-30
Updated: 2024-11-21

Summary

Unrestricted file upload vulnerability in frames/upload-images.php in the Complete Gallery Manager plugin before 3.3.4 rev40279 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/[year]/[month]/.

Vulnerable Configurations

Part Description Count
Application
Envato
24

Exploit-Db

descriptionWordpress Plugin Complete Gallery Manager 3.3.3 - Arbitrary File Upload Vulnerability. CVE-2013-5962. Webapps exploit for php platform
fileexploits/php/webapps/28377.txt
idEDB-ID:28377
last seen2016-02-03
modified2013-09-18
platformphp
port
published2013-09-18
reporterVulnerability-Lab
sourcehttps://www.exploit-db.com/download/28377/
titleWordPress Plugin Complete Gallery Manager 3.3.3 - Arbitrary File Upload Vulnerability
typewebapps

References