CVE-2015-1365

Pixabay Images <2.4 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-1365. PoCs published by Hans-Martin Muench.

AI-analyzed exploit summary This Python script exploits an authentication bypass and arbitrary file upload vulnerability in the WP Pixabay Images WordPress plugin (version 2.3). It allows an attacker to upload a malicious PHP file from a remote URL to a target WordPress site by leveraging path traversal and lack of host validation.

Description

Directory traversal vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to write to arbitrary files via a .. (dot dot) in the q parameter.

Exploits (1)

exploitdb WORKING POC

by Hans-Martin Muench · textwebappsphp

https://www.exploit-db.com/exploits/35846

View Code ZIP pw:eip

This Python script exploits an authentication bypass and arbitrary file upload vulnerability in the WP Pixabay Images WordPress plugin (version 2.3). It allows an attacker to upload a malicious PHP file from a remote URL to a target WordPress site by leveraging path traversal and lack of host validation.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: WP Pixabay Images WordPress Plugin 2.3

No auth needed

Prerequisites: Target running vulnerable WP Pixabay Images plugin (2.3) · Network access to the WordPress admin interface

MITRE ATT&CK