| Name | CVE_2014_5460 |
| CVE | CVE-2014-5460 |
| Exploit Pack | CANVAS |
| Description | CVE-2014-5460 |
| Notes | CVE Name: CVE-2014-5460 VENDOR: Tribulant Changelog: https://wordpress.org/plugins/slideshow-gallery/changelog/ Notes: If the Suhosin-Patch is installed (typically announced in the PHP banner) the MOSDEF PHP shell startup will not work however the vulnerability will still be exploitable. This is a post authentication shell upload vulnerability in a popular (400k+ downloads) wordpress plugin. By default only admins can reach the vulnerability. The plugin does allow for administrators to give any class of user the ability to interact with the vulnerable functionality, though they would have to do so deliberately. Repeatability: Infinite References: http://packetstormsecurity.com/files/128069/WordPress-Slideshow-Gallery-1.4.6-Shell-Upload.html CVE Url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5460 CERT Advisory: None Date public: 08/31/14 |
| Learn more about the CANVAS Exploit Pack here: CANVAS |