Vulnerabilities > CVE-2015-4133 - Unspecified vulnerability in Reflex Gallery Project Reflex Gallery

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

reflex-gallery-project

exploit available

metasploit

NVD

Published: 2015-05-28

Updated: 2016-11-28

Summary

Unrestricted file upload vulnerability in admin/scripts/FileUploader/php.php in the ReFlex Gallery plugin before 3.1.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in uploads/ directory. <a href="http://cwe.mitre.org/data/definitions/434.html">CWE-434: Unrestricted Upload of File with Dangerous Type</a>

Vulnerable Configurations

Part	Description	Count
Application	Reflex_Gallery_Project Reflex Gallery Project Reflex Gallery 1.0 Reflex Gallery Project Reflex Gallery 1.1 Reflex Gallery Project Reflex Gallery 1.2 Reflex Gallery Project Reflex Gallery 1.3 Reflex Gallery Project Reflex Gallery 1.4 Reflex Gallery Project Reflex Gallery 1.4.1 Reflex Gallery Project Reflex Gallery 1.4.2 Reflex Gallery Project Reflex Gallery 1.4.3 Reflex Gallery Project Reflex Gallery 1.4.4 Reflex Gallery Project Reflex Gallery 1.4.5 Reflex Gallery Project Reflex Gallery 1.4.6 Reflex Gallery Project Reflex Gallery 1.4.7 Reflex Gallery Project Reflex Gallery 1.4.8 Reflex Gallery Project Reflex Gallery 2.0 Reflex Gallery Project Reflex Gallery 2.1 Reflex Gallery Project Reflex Gallery 2.2 Reflex Gallery Project Reflex Gallery 2.3 Reflex Gallery Project Reflex Gallery 2.4 Reflex Gallery Project Reflex Gallery 2.5 Reflex Gallery Project Reflex Gallery 3.0 Reflex Gallery Project Reflex Gallery 3.0.1 Reflex Gallery Project Reflex Gallery 3.1 Reflex Gallery Project Reflex Gallery 3.1.1 Reflex Gallery Project Reflex Gallery 3.1.2 Reflex Gallery Project Reflex Gallery 3.1.3	25

Exploit-Db

description	Wordpress Reflex Gallery Upload Vulnerability. Remote exploit for php platform
file	exploits/php/remote/36809.rb
id	EDB-ID:36809
last seen	2016-02-04
modified	2015-04-21
platform	php
port	80
published	2015-04-21
reporter	metasploit
source	https://www.exploit-db.com/download/36809/
title	WordPress Reflex Gallery Upload Vulnerability
type	remote

Metasploit

description	This module exploits an arbitrary PHP code upload in the WordPress Reflex Gallery version 3.1.3. The vulnerability allows for arbitrary file upload and remote code execution.
id	MSF:AUXILIARY/ADMIN/ORACLE/OSB_EXECQR2
last seen	2020-06-14
modified	2018-07-08
published	2015-04-16
references	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4133
reporter	Rapid7
source	https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/unix/webapp/wp_reflexgallery_file_upload.rb
title	Wordpress Reflex Gallery Upload Vulnerability

description	This module exploits an arbitrary PHP code upload in the WordPress Reflex Gallery version 3.1.3. The vulnerability allows for arbitrary file upload and remote code execution.
id	MSF:EXPLOIT/UNIX/WEBAPP/WP_REFLEXGALLERY_FILE_UPLOAD
last seen	2020-06-01
modified	2018-07-08
published	2015-04-16
references	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4133
reporter	Rapid7
source	https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/unix/webapp/wp_reflexgallery_file_upload.rb
title	Wordpress Reflex Gallery Upload Vulnerability

Summary

Vulnerable Configurations

Exploit-Db

Metasploit

References