CVE-2015-1172 - Unspecified vulnerability in Holding Pattern Project Holding Pattern 0.6
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
Unrestricted file upload vulnerability in admin/upload-file.php in the Holding Pattern theme (aka holding_pattern) 0.6 and earlier for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in an unspecified directory.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
D2sec
name | WordPress Holding Pattern Theme 0.6 File Upload |
url | http://www.d2sec.com/exploits/wordpress_holding_pattern_theme_0.6_file_upload.html |
Exploit-Db
description | WordPress Theme Holding Pattern - Arbitrary File Upload (Metasploit). CVE-2015-1172. Webapps exploit for Linux platform |
id | EDB-ID:41698 |
last seen | 2017-03-23 |
modified | 2017-03-23 |
published | 2017-03-23 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/41698/ |
title | WordPress Theme Holding Pattern - Arbitrary File Upload (Metasploit) |
Metasploit
description | This module exploits a file upload vulnerability in all versions of the Holding Pattern theme found in the upload_file.php script which contains no session or file validation. It allows unauthenticated users to upload files of any type and subsequently execute PHP scripts in the context of the web server. |
id | MSF:EXPLOIT/UNIX/WEBAPP/WP_HOLDING_PATTERN_FILE_UPLOAD |
last seen | 2020-06-01 |
modified | 2018-10-01 |
published | 2015-02-14 |
references | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1172 |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/unix/webapp/wp_holding_pattern_file_upload.rb |
title | WordPress Holding Pattern Theme Arbitrary File Upload |
Packetstorm
data source | https://packetstormsecurity.com/files/download/130460/wp_holding_pattern_file_upload.rb.txt |
id | PACKETSTORM:130460 |
last seen | 2016-12-05 |
published | 2015-02-24 |
reporter | Alexander Borg |
source | https://packetstormsecurity.com/files/130460/WordPress-Holding-Pattern-Theme-Arbitrary-File-Upload.html |
title | WordPress Holding Pattern Theme Arbitrary File Upload |
References
- http://packetstormsecurity.com/files/130282/WordPress-Holding-Pattern-0.6-Shell-Upload.html
- http://www.securityfocus.com/bid/72546
- https://wpvulndb.com/vulnerabilities/7784