what you don't know can hurt you

WordPress Holding Pattern 0.6 Shell Upload

WordPress Holding Pattern 0.6 Shell Upload
Posted Feb 6, 2015
Authored by Alexander Borg

WordPress Holding Pattern theme version 0.6 suffers from a remote shell upload vulnerability.

tags | advisory, remote, shell
advisories | CVE-2015-1172
MD5 | 1d4213e2d4dcb17214526b8c084ab4c5

WordPress Holding Pattern 0.6 Shell Upload

Change Mirror Download
Product: holding_pattern
Vendor: Liftux
Vulnerable Version(s): 0.6 and prior
Tested Version: 0.6
Advisory Publication: January 18, 2015
Vendor Notification: January 14, 2015
Public Disclosure: January 18, 2015
Vulnerability Type: Exec Code
Authentication: Not required to exploit
CVE Reference: CVE-2015-1172
Risk Level: Medium
CVSSv2 Base Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Solution Status: Solution Unavailable, Product EOL
Discovered and Provided: Alexander Borg ( http://www.servernet.se )

-----------------------------------------------------------------------------------------------

Advisory Details:

The holding_pattern Wordpress-theme is prone to a vulnerability that allows attackers to upload arbitrary files. The application uses limited validation which means unauthorized upload is allowed.

An attacker can exploit this vulnerability to upload arbitrary PHP code and run it in the context of the Web server process. This may facilitate unauthorized access or privilege escalation.

-----------------------------------------------------------------------------------------------

Solution:

Disclosure timeline:
2015-01-14 Vendor Alerted via email.
2015-01-14 Fix Requested via email.
2015-01-14 Vendor made clear no patch will be available.
2015-01-18 Public disclosure.

Currently we are not aware of any official solution for this vulnerability. Product is EOL and no security fixes will be made available.
Temporary solution may be to remove the file admin/upload-file.php

-----------------------------------------------------------------------------------------------

Disclaimer: The information provided in this Advisory is provided "as is" and without any warranty of any kind. Details of this Advisory may be updated in order to provide as accurate information as possible.
Login or Register to add favorites

File Archive:

December 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    18 Files
  • 2
    Dec 2nd
    11 Files
  • 3
    Dec 3rd
    23 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close