CVE-2015-1375

Pixabay Images <2.4 - Code Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-1375. PoCs published by Hans-Martin Muench.

AI-analyzed exploit summary This Python script exploits an authentication bypass and arbitrary file upload vulnerability in the WP Pixabay Images WordPress plugin (version 2.3). It allows an attacker to upload a malicious PHP file from a remote URL to a target WordPress site by leveraging path traversal and lack of host validation.

Description

pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not properly restrict access to the upload functionality, which allows remote attackers to write to arbitrary files.

Exploits (1)

exploitdb WORKING POC

by Hans-Martin Muench · textwebappsphp

https://www.exploit-db.com/exploits/35846

View Code ZIP pw:eip

This Python script exploits an authentication bypass and arbitrary file upload vulnerability in the WP Pixabay Images WordPress plugin (version 2.3). It allows an attacker to upload a malicious PHP file from a remote URL to a target WordPress site by leveraging path traversal and lack of host validation.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: WP Pixabay Images WordPress Plugin 2.3

No auth needed

Prerequisites: Target running vulnerable WP Pixabay Images plugin (2.3) · Network access to the WordPress admin interface

MITRE ATT&CK