CVE-2013-5962
Envato Complete Gallery Manager Plugin - Unrestricted File Upload
Title source: ruleDescription
Unrestricted file upload vulnerability in frames/upload-images.php in the Complete Gallery Manager plugin before 3.3.4 rev40279 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/[year]/[month]/.
Exploits (1)
exploitdb
WORKING POC
by Vulnerability-Lab · text · webapps · php
https://www.exploit-db.com/exploits/28377
References (7)
Core References
Exploit x_refsource_misc
http://packetstormsecurity.com/files/123303
Various Sources x_refsource_confirm
http://codecanyon.net/item/complete-gallery-manager-for-wordpress/2418606
Exploit x_refsource_misc
http://www.vulnerability-lab.com/get_content.php?id=1080
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/28377
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/87172
Exploit mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2013-09/0090.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/54894
Scores
EPSS: 0.2658
EPSS Percentile: 96.4%
Details
Status: published
Products (24)
envato/complete_gallery_manager_plugin 1.0.0 rev25273
envato/complete_gallery_manager_plugin 1.0.1 rev25421
envato/complete_gallery_manager_plugin 1.0.2 rev25487
envato/complete_gallery_manager_plugin 2.0.0 rev27524
envato/complete_gallery_manager_plugin 2.0.1 rev27876
envato/complete_gallery_manager_plugin 2.0.2 rev28693
envato/complete_gallery_manager_plugin 2.0.3 rev28734
envato/complete_gallery_manager_plugin 3.0.0 rev29469
envato/complete_gallery_manager_plugin 3.0.1 rev29536
envato/complete_gallery_manager_plugin 3.1.0 rev30003
... and 14 more
Published: Sep 30, 2013
Tracked Since: Feb 18, 2026