National Vulnerability Database

CVE-2013-5962 Detail

Current Description

Unrestricted file upload vulnerability in frames/upload-images.php in the Complete Gallery Manager plugin before 3.3.4 rev40279 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/[year]/[month]/.

Source: MITRE

Evaluator Description

Per: http://cwe.mitre.org/data/definitions/434.html 'CWE-434: Unrestricted Upload of File with Dangerous Type'

Severity



CVSS 3.x Severity and Metrics:

NIST CVSS score
NIST: NVD
Base Score: N/A
NVD score not yet provided.

References to Advisories, Solutions, and Tools

Hyperlink Resource
http://archives.neohapsis.com/archives/bugtraq/2013-09/0090.html Exploit
http://codecanyon.net/item/complete-gallery-manager-for-wordpress/2418606
http://packetstormsecurity.com/files/123303 Exploit
http://www.exploit-db.com/exploits/28377
http://www.vulnerability-lab.com/get_content.php?id=1080 Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/87172

Weakness Enumeration

CWE-ID CWE Name Source
NVD-CWE-Other Other NIST  

Known Affected Software Configurations

Configuration 1
 cpe:/a:envato:complete_gallery_manager_plugin:1.0.0:rev25273
 cpe:/a:envato:complete_gallery_manager_plugin:1.0.1:rev25421
 cpe:/a:envato:complete_gallery_manager_plugin:1.0.2:rev25487
 cpe:/a:envato:complete_gallery_manager_plugin:2.0.0:rev27524
 cpe:/a:envato:complete_gallery_manager_plugin:2.0.1:rev27876
 cpe:/a:envato:complete_gallery_manager_plugin:2.0.2:rev28693
 cpe:/a:envato:complete_gallery_manager_plugin:2.0.3:rev28734
 cpe:/a:envato:complete_gallery_manager_plugin:3.0.0:rev29469
 cpe:/a:envato:complete_gallery_manager_plugin:3.0.1:rev29536
 cpe:/a:envato:complete_gallery_manager_plugin:3.1.0:rev30003
 cpe:/a:envato:complete_gallery_manager_plugin:3.1.1:rev30900
 cpe:/a:envato:complete_gallery_manager_plugin:3.2.0:rev31030
 cpe:/a:envato:complete_gallery_manager_plugin:3.2.1:rev33197
 cpe:/a:envato:complete_gallery_manager_plugin:3.2.2:rev33971
 cpe:/a:envato:complete_gallery_manager_plugin:3.2.3:rev34390
 cpe:/a:envato:complete_gallery_manager_plugin:3.2.4:rev34757
 cpe:/a:envato:complete_gallery_manager_plugin:3.2.5:rev34942
 cpe:/a:envato:complete_gallery_manager_plugin:3.2.6:rev36235
 cpe:/a:envato:complete_gallery_manager_plugin:3.2.7:rev36257
 cpe:/a:envato:complete_gallery_manager_plugin:3.2.8:rev36369
 cpe:/a:envato:complete_gallery_manager_plugin:3.3.0:rev36620
 cpe:/a:envato:complete_gallery_manager_plugin:3.3.1:rev38906
 cpe:/a:envato:complete_gallery_manager_plugin:3.3.2:rev39009
 cpe:/a:envato:complete_gallery_manager_plugin::rev39177
     Up to (including) 3.3.3


Change History

2 change records found

Quick Info

CVE Dictionary Entry: CVE-2013-5962
NVD Published Date: 09/30/2013
NVD Last Modified: 08/28/2017