CVE-2015-1172
published 2015-02-11CVE-2015-1172: Unrestricted file upload vulnerability in admin/upload-file.php in the Holding Pattern theme (aka holding_pattern) 0.6 and earlier for WordPress allows remote…
PriorityP272high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
59.25%
99.0th percentile
Unrestricted file upload vulnerability in admin/upload-file.php in the Holding Pattern theme (aka holding_pattern) 0.6 and earlier for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in an unspecified directory.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| holding_pattern_project | holding_pattern | <= 0.6 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for unauthenticated HTTP POST requests to the WordPress theme path `holding_pattern/admin/upload-file.php` — the endpoint performs no session or file validation. ↗
- →Flag any file uploaded with a `.php` extension into the WordPress themes directory, particularly under `holding_pattern/uploads/`. ↗
- ·The exploit targets all versions of the Holding Pattern theme (0.6 and earlier); version checks against the theme readme can be used to identify vulnerable installations. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
WordPress Theme Holding Pattern - Arbitrary File Upload (Metasploit)
exploitdb·2015-02-11
CVE-2015-1172 WordPress Theme Holding Pattern - Arbitrary File Upload (Metasploit)
WordPress Theme Holding Pattern - Arbitrary File Upload (Metasploit)
---
##
# This module requires Metasploit: http://www.metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
require 'socket'
class MetasploitModule 'WordPress Holding Pattern Theme Arbitrary File Upload',
'Description' => %q{
This module exploits a file upload vulnerability in all versions of the
Holding Pattern theme found in the upload_file.php script which contains
no session or file validation. It allows unauthenticated users to upload
files of any type and subsequently execute PHP scripts in the context of
the web server.
},
'License' => MSF_LICENSE,
'Author' =>
[
'Alexander Borg', # Vulnerability disclosure
'Rob Carr ' # Metasploit module
],
'References' =>
Metasploit
WordPress Holding Pattern Theme Arbitrary File Upload
metasploit
WordPress Holding Pattern Theme Arbitrary File Upload
WordPress Holding Pattern Theme Arbitrary File Upload
This module exploits a file upload vulnerability in all versions of the Holding Pattern theme found in the upload_file.php script which contains no session or file validation. It allows unauthenticated users to upload files of any type and subsequently execute PHP scripts in the context of the web server.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/130282/WordPress-Holding-Pattern-0.6-Shell-Upload.htmlhttp://www.securityfocus.com/bid/72546https://wpvulndb.com/vulnerabilities/7784http://packetstormsecurity.com/files/130282/WordPress-Holding-Pattern-0.6-Shell-Upload.htmlhttp://www.securityfocus.com/bid/72546https://wpvulndb.com/vulnerabilities/7784
2015-02-11
Published