CVE-2014-5460

This exploit targets a shell upload vulnerability in WordPress Slideshow Gallery plugin 1.4.6 (CVE-2014-5460). It authenticates as a user, then uploads a malicious file via a multipart form, bypassing restrictions to achieve remote code execution.

This exploit demonstrates a remote shell upload vulnerability in the WordPress Slideshow Gallery plugin version 1.4.6. It allows authenticated users to upload a PHP backdoor via a multipart form submission, leading to remote code execution.

This repository provides a technical writeup for CVE-2014-5460, detailing the exploit process with screenshots and usage instructions. It references an external exploit (Exploit-DB 34514) but does not include functional exploit code.

This Metasploit module exploits an authenticated file upload vulnerability in the WordPress SlideShow Gallery plugin (CVE-2014-5460), allowing arbitrary PHP file upload and remote code execution.