Vulnerabilities > CVE-2018-6195 - Unspecified vulnerability in Splashing Images Project Splashing Images 1.0/2.0/2.1

047910
CVSS 7.2 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
HIGH
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
splashing-images-project
NVD
Published: 2018-01-30
Updated: 2022-12-02

Summary

admin/partials/wp-splashing-admin-main.php in the Splashing Images plugin (wp-splashing-images) before 2.1.1 for WordPress allows authenticated (administrator, editor, or author) remote attackers to conduct PHP Object Injection attacks via crafted serialized data in the 'session' HTTP GET parameter to wp-admin/upload.php.

Vulnerable Configurations

Part Description Count
Application
Splashing_Images_Project
3

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/146109/wpsplashingimages21-xss.txt
idPACKETSTORM:146109
last seen2018-01-29
published2018-01-26
reporterNicolas Buzy-Debat
sourcehttps://packetstormsecurity.com/files/146109/WordPress-Splashing-Images-2.1-Cross-Site-Scripting-PHP-Object-Injection.html
titleWordPress Splashing Images 2.1 Cross Site Scripting / PHP Object Injection

References