cbcvebase.
CVE-2014-9312
published 2017-08-28

CVE-2014-9312: Unrestricted File Upload vulnerability in Photo Gallery 1.2.5.

PriorityP272high8.8CVSS 3.0
AVNACLPRLUINSUCHIHAH
EXPLOIT
EPSS
45.35%
98.6th percentile
Unrestricted File Upload vulnerability in Photo Gallery 1.2.5.

Affected

1 ranges
VendorProductVersion rangeFixed in
10webphoto_gallery

Detection & IOCsextracted from sources · hover to see the quote

pathfilemanager/UploadHandler.php
path/wp-admin/rce/
  • Monitor for POST requests targeting filemanager/UploadHandler.php within the WordPress photo-gallery plugin path, especially from low-privileged authenticated users (Subscriber role).
  • Detect ZIP archive uploads containing .php files to the photo-gallery plugin upload endpoint, as the exploit packs PHP webshells into ZIP archives for upload.
  • Alert on the presence of or HTTP requests to /wp-admin/rce/ which is where uploaded malicious files are accessible post-exploitation.
  • The post() method in UploadHandler.php does not sanitize uploads; flag any PHP file execution originating from the photo-gallery plugin's upload/filemanager directory.
  • ·Exploit was tested specifically against version 1.2.5 of the Photo Gallery plugin; version 1.2.6 patches the vulnerability.

CVSS provenance

nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.