CVE-2014-5014

Severity CVSS v4.0:
Pending analysis
Type:
CWE-77 Command Injection
Publication date:
25/04/2018
Last modified:
25/05/2018

Description

The WordPress Flash Uploader plugin before 3.1.3 for WordPress allows remote attackers to execute arbitrary commands via vectors related to invalid characters in image_magic_path.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:tinywebgallery:wordpress_flash_uploader:*:*:*:*:*:wordpress:*:* 3.1.3 (excluding)