CVE Vulnerabilities

CVE-2015-5682

Published: May 23, 2017 | Modified: Apr 20, 2025
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu
root.io minimus.io echohq.com

upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote attackers to create arbitrary directories via vectors related to the targetDir variable.

Affected Software

Name Vendor Start Version End Version
Powerplay_gallery Powerplay_gallery_project 3.3 (including) 3.3 (including)

References