Vulnerabilities > CVE-2015-2194 - Unspecified vulnerability in Digitalnature Fusion 3.1

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

digitalnature

NVD

Published: 2015-03-03

Updated: 2016-12-03

Summary

Unrestricted file upload vulnerability in the fusion_options function in functions.php in the Fusion theme 3.1 for Wordpress allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension in a fusion_save action, then accessing it via unspecified vectors. <a href="http://cwe.mitre.org/data/definitions/434.html">CWE-434: Unrestricted Upload of File with Dangerous Type</a>

Vulnerable Configurations

Part	Description	Count
Application	Digitalnature Digitalnature Fusion 3.1	1

References

http://packetstormsecurity.com/files/130397/WordPress-Fusion-3.1-Arbitrary-File-Upload.html
http://www.securityfocus.com/bid/75341
https://wpvulndb.com/vulnerabilities/7795