CVE-2015-4133
published 2015-05-28CVE-2015-4133: Unrestricted file upload vulnerability in admin/scripts/FileUploader/php.php in the ReFlex Gallery plugin before 3.1.4 for WordPress allows remote attackers to…
PriorityP275high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
61.61%
99.1th percentile
Unrestricted file upload vulnerability in admin/scripts/FileUploader/php.php in the ReFlex Gallery plugin before 3.1.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in uploads/ directory.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| reflex_gallery_project | reflex_gallery | <= 3.1.3 | — |
Detection & IOCsextracted from sources · hover to see the quote
commandPOST /wp-content/plugins/reflex-gallery/admin/scripts/FileUploader/php.php?Year=<year>&Month=<month>↗
- →Detect multipart/form-data POST requests to the vulnerable uploader endpoint with a PHP file extension in the 'qqfile' filename field ↗
- →Alert on HTTP GET requests to /wp-content/uploads/<year>/<month>/*.php, indicating execution of an uploaded PHP webshell ↗
- →Check installed Reflex Gallery plugin version against readme; versions before 3.1.4 are vulnerable ↗
- →Monitor for PHP files appearing in the WordPress uploads directory (wp-content/uploads/), which should not contain executable scripts ↗
- ·The uploaded PHP payload filename is randomly generated (8–16 random alpha characters) per exploit invocation, so filename-based static signatures will not reliably detect all variants ↗
- ·The upload destination path includes the current year and month at time of exploitation, so the exact upload path will vary over time ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
WordPress Plugin Reflex Gallery - Arbitrary File Upload (Metasploit)
exploitdb·2015-04-21
CVE-2015-4133 WordPress Plugin Reflex Gallery - Arbitrary File Upload (Metasploit)
WordPress Plugin Reflex Gallery - Arbitrary File Upload (Metasploit)
---
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class Metasploit3 'Wordpress Reflex Gallery Upload Vulnerability',
'Description' => %q{
This module exploits an arbitrary PHP code upload in the WordPress Reflex Gallery
version 3.1.3. The vulnerability allows for arbitrary file upload and remote code execution.
},
'Author' =>
[
'Unknown', # Vulnerability discovery
'Roberto Soares Espreto ' # Metasploit module
],
'License' => MSF_LICENSE,
'References' =>
[
['EDB', '36374'],
['OSVDB', '88853'],
['WPVDB', '7867']
],
'Privileged' => false,
'Platform' => 'php',
'Arch' => ARCH_PHP,
'Targets' => [['Reflex Gallery 3.1
Metasploit
Wordpress Reflex Gallery Upload Vulnerability
metasploit
Wordpress Reflex Gallery Upload Vulnerability
Wordpress Reflex Gallery Upload Vulnerability
This module exploits an arbitrary PHP code upload in the WordPress Reflex Gallery version 3.1.3. The vulnerability allows for arbitrary file upload and remote code execution.
No writeups or analysis indexed.
http://osvdb.org/show/osvdb/88853http://packetstormsecurity.com/files/130845/http://packetstormsecurity.com/files/131515/http://www.securityfocus.com/bid/57100https://wordpress.org/plugins/reflex-gallery/changelog/https://wpvulndb.com/vulnerabilities/7867https://www.exploit-db.com/exploits/36809/http://osvdb.org/show/osvdb/88853http://packetstormsecurity.com/files/130845/http://packetstormsecurity.com/files/131515/http://www.securityfocus.com/bid/57100https://wordpress.org/plugins/reflex-gallery/changelog/https://wpvulndb.com/vulnerabilities/7867https://www.exploit-db.com/exploits/36809/
2015-05-28
Published