Vulnerabilities > CVE-2015-6967 - Unspecified vulnerability in Nibbleblog
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Unrestricted file upload vulnerability in the My Image plugin in Nibbleblog before 4.0.5 allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in content/private/plugins/my_image/image.php.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 4 |
Exploit-Db
| description | Nibbleblog File Upload Vulnerability. CVE-2015-6967. Remote exploit for php platform |
| id | EDB-ID:38489 |
| last seen | 2016-02-04 |
| modified | 2015-10-19 |
| published | 2015-10-19 |
| reporter | metasploit |
| source | https://www.exploit-db.com/download/38489/ |
| title | Nibbleblog File Upload Vulnerability |
Metasploit
| description | Nibbleblog contains a flaw that allows an authenticated remote attacker to execute arbitrary PHP code. This module was tested on version 4.0.3. |
| id | MSF:EXPLOIT/MULTI/HTTP/NIBBLEBLOG_FILE_UPLOAD |
| last seen | 2020-05-29 |
| modified | 2018-07-12 |
| published | 2015-09-10 |
| references | |
| reporter | Rapid7 |
| source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/http/nibbleblog_file_upload.rb |
| title | Nibbleblog File Upload Vulnerability |
References
- http://blog.curesec.com/article/blog/NibbleBlog-403-Code-Execution-47.html
- http://blog.curesec.com/article/blog/NibbleBlog-403-Code-Execution-47.html
- http://blog.nibbleblog.com/post/nibbleblog-v4-0-5/
- http://blog.nibbleblog.com/post/nibbleblog-v4-0-5/
- http://packetstormsecurity.com/files/133425/NibbleBlog-4.0.3-Shell-Upload.html
- http://packetstormsecurity.com/files/133425/NibbleBlog-4.0.3-Shell-Upload.html
- http://seclists.org/fulldisclosure/2015/Sep/5
- http://seclists.org/fulldisclosure/2015/Sep/5