CVE-2015-4133

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
28/05/2015
Last modified:
12/04/2025

Description

Unrestricted file upload vulnerability in admin/scripts/FileUploader/php.php in the ReFlex Gallery plugin before 3.1.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in uploads/ directory.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:reflex_gallery_project:reflex_gallery:*:*:*:*:*:wordpress:*:* 3.1.3 (including)