Intrusion PreventionWordPress.Pica.Photo.Gallery.Plugin.Arbitrary.File.Upload
Description
This indicates an attack attempt to exploit a Remote File Inclusion vulnerability in PICA Photo Gallery Plugin for WordPress.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application when handling uploaded files. A remote attacker can exploit this to upload arbitrary files and by making a direct request to the file, also execute the script file uploaded.
Affected Products
Wordpress Pica Photo Gallery 1.0
Impact
System Compromise: Remote attackers can execute arbitrary script code in the context of the affected site.
Recommended Actions
Currently we are unaware of any vendor supplied patch or updates available for this issue.
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2019-02-01 | 14.540 | Name:Wordpress. Pica. Photo. Gallery. Plugin. Arbitrary. File. Upload:WordPress. Pica. Photo. Gallery. Plugin. Arbitrary. File. Upload |
References
http://www.exploit-db.com/exploits/19055/| ID | 34829 |
| Created | Mar 26, 2013 |
| Updated | Aug 22, 2022 |
| Risk |
|
| CVE ID | |
| Default Action | drop |
| Active | |
| Affected OS | Windows, Linux, BSD, Solaris, MacOS |
| Affected App | PHP_app |