CVE-2013-5962

Gallery Manager Plugin < 3.3.4 rev40279 - Unauthenticated Arbitrary File Upload and RCE via upload-images.php

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-5962. PoCs published by Vulnerability-Lab.

AI-analyzed exploit summary: This exploit demonstrates an arbitrary file upload vulnerability in WordPress Plugin Complete Gallery Manager 3.3.3. It allows remote attackers to upload malicious files via POST method to the upload-images.php file, leading to potential remote code execution.

Description

Unrestricted file upload vulnerability in frames/upload-images.php in the Complete Gallery Manager plugin before 3.3.4 rev40279 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/[year]/[month]/.

Exploits (1)

exploitdb WORKING POC
by Vulnerability-Lab · text · webapps · php
https://www.exploit-db.com/exploits/28377

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: WordPress Plugin Complete Gallery Manager 3.3.3
No auth needed
Prerequisites: Access to the vulnerable upload-images.php endpoint
devstral-2 · analyzed Feb 16, 2026

References (7)

Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/28377
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/87172
Exploit mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2013-09/0090.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/54894

Scores

EPSS 0.1477
EPSS Percentile 96.2%

Details

Status published
Products (24)
envato/complete_gallery_manager_plugin 1.0.0 rev25273
envato/complete_gallery_manager_plugin 1.0.1 rev25421
envato/complete_gallery_manager_plugin 1.0.2 rev25487
envato/complete_gallery_manager_plugin 2.0.0 rev27524
envato/complete_gallery_manager_plugin 2.0.1 rev27876
envato/complete_gallery_manager_plugin 2.0.2 rev28693
envato/complete_gallery_manager_plugin 2.0.3 rev28734
envato/complete_gallery_manager_plugin 3.0.0 rev29469
envato/complete_gallery_manager_plugin 3.0.1 rev29536
envato/complete_gallery_manager_plugin 3.1.0 rev30003
... and 14 more
Published Sep 30, 2013
Tracked Since Feb 18, 2026