CVE-2015-6967
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
16/09/2015
Last modified:
12/04/2025
Description
Unrestricted file upload vulnerability in the My Image plugin in Nibbleblog before 4.0.5 allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in content/private/plugins/my_image/image.php.
Impact
Base Score 2.0
6.50
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:nibbleblog:nibbleblog:*:*:*:*:*:*:*:* | 4.0.4 (including) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://blog.curesec.com/article/blog/NibbleBlog-403-Code-Execution-47.html
- http://blog.nibbleblog.com/post/nibbleblog-v4-0-5/
- http://packetstormsecurity.com/files/133425/NibbleBlog-4.0.3-Shell-Upload.html
- http://seclists.org/fulldisclosure/2015/Sep/5
- http://blog.curesec.com/article/blog/NibbleBlog-403-Code-Execution-47.html
- http://blog.nibbleblog.com/post/nibbleblog-v4-0-5/
- http://packetstormsecurity.com/files/133425/NibbleBlog-4.0.3-Shell-Upload.html
- http://seclists.org/fulldisclosure/2015/Sep/5