Vulnerability Description
Unrestricted file upload vulnerability in the My Image plugin in Nibbleblog before 4.0.5 allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in content/private/plugins/my_image/image.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nibbleblog | Nibbleblog | <= 4.0.4 |
References
- http://blog.curesec.com/article/blog/NibbleBlog-403-Code-Execution-47.htmlExploit
- http://blog.nibbleblog.com/post/nibbleblog-v4-0-5/Exploit
- http://packetstormsecurity.com/files/133425/NibbleBlog-4.0.3-Shell-Upload.htmlExploit
- http://seclists.org/fulldisclosure/2015/Sep/5Exploit
- http://blog.curesec.com/article/blog/NibbleBlog-403-Code-Execution-47.htmlExploit
- http://blog.nibbleblog.com/post/nibbleblog-v4-0-5/Exploit
- http://packetstormsecurity.com/files/133425/NibbleBlog-4.0.3-Shell-Upload.htmlExploit
- http://seclists.org/fulldisclosure/2015/Sep/5Exploit
FAQ
What is CVE-2015-6967?
CVE-2015-6967 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Unrestricted file upload vulnerability in the My Image plugin in Nibbleblog before 4.0.5 allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then a...
How severe is CVE-2015-6967?
CVE-2015-6967 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-6967?
Check the references section above for vendor advisories and patch information. Affected products include: Nibbleblog Nibbleblog.