QwikSec

Security Database

CVE

CWE

Training

CVE-2015-6967

Published: Sep 16, 2015

Modified: Sep 17, 2024

PUBLISHED

Description

Unrestricted file upload vulnerability in the My Image plugin in Nibbleblog before 4.0.5 allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in content/private/plugins/my_image/image.php.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://blog.curesec.com/article/blog/NibbleBlog-403-Code-Execution-47.html

x_refsource_MISC

http://blog.nibbleblog.com/post/nibbleblog-v4-0-5/

x_refsource_CONFIRM

20150902 NibbleBlog 4.0.3 - Code Execution - Not fixed

mailing-list

x_refsource_FULLDISC

http://packetstormsecurity.com/files/133425/NibbleBlog-4.0.3-Shell-Upload.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.