Vulnerabilities > CVE-2015-6967 - Unspecified vulnerability in Nibbleblog 4.0.1

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

nibbleblog

exploit available

metasploit

NVD

Published: 2015-09-16

Updated: 2015-09-17

Summary

Unrestricted file upload vulnerability in the My Image plugin in Nibbleblog before 4.0.5 allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in content/private/plugins/my_image/image.php. <a href="http://cwe.mitre.org/data/definitions/434.html">CWE-434: Unrestricted Upload of File with Dangerous Type</a>

Vulnerable Configurations

Part	Description	Count
Application	Nibbleblog Nibbleblog Nibbleblog 4.0.1	1

Exploit-Db

description	Nibbleblog File Upload Vulnerability. CVE-2015-6967. Remote exploit for php platform
id	EDB-ID:38489
last seen	2016-02-04
modified	2015-10-19
published	2015-10-19
reporter	metasploit
source	https://www.exploit-db.com/download/38489/
title	Nibbleblog File Upload Vulnerability

Metasploit

description	Nibbleblog contains a flaw that allows an authenticated remote attacker to execute arbitrary PHP code. This module was tested on version 4.0.3.
id	MSF:EXPLOIT/MULTI/HTTP/NIBBLEBLOG_FILE_UPLOAD
last seen	2020-05-29
modified	2018-07-12
published	2015-09-10
references	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6967 http://blog.curesec.com/article/blog/NibbleBlog-403-Code-Execution-47.html
reporter	Rapid7
source	https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/http/nibbleblog_file_upload.rb
title	Nibbleblog File Upload Vulnerability

Summary

Vulnerable Configurations

Exploit-Db

Metasploit

References