CVE-2014-6446CVE-2014-6446

Affected configuration(s):

cpe:/a:infusionsoft_gravity_forms_project:infusionsoft_gravity_forms:1.5.3::~~~wordpress~~
cpe:/a:infusionsoft_gravity_forms_project:infusionsoft_gravity_forms:1.5.4::~~~wordpress~~
cpe:/a:infusionsoft_gravity_forms_project:infusionsoft_gravity_forms:1.5.4.1::~~~wordpress~~
cpe:/a:infusionsoft_gravity_forms_project:infusionsoft_gravity_forms:1.5.4.2::~~~wordpress~~
cpe:/a:infusionsoft_gravity_forms_project:infusionsoft_gravity_forms:1.5.5::~~~wordpress~~
cpe:/a:infusionsoft_gravity_forms_project:infusionsoft_gravity_forms:1.5.6::~~~wordpress~~
cpe:/a:infusionsoft_gravity_forms_project:infusionsoft_gravity_forms:1.5.7::~~~wordpress~~
cpe:/a:infusionsoft_gravity_forms_project:infusionsoft_gravity_forms:1.5.7.1::~~~wordpress~~
cpe:/a:infusionsoft_gravity_forms_project:infusionsoft_gravity_forms:1.5.7.2::~~~wordpress~~
cpe:/a:infusionsoft_gravity_forms_project:infusionsoft_gravity_forms:1.5.8::~~~wordpress~~
cpe:/a:infusionsoft_gravity_forms_project:infusionsoft_gravity_forms:1.5.8.1::~~~wordpress~~
cpe:/a:infusionsoft_gravity_forms_project:infusionsoft_gravity_forms:1.5.9::~~~wordpress~~
cpe:/a:infusionsoft_gravity_forms_project:infusionsoft_gravity_forms:1.5.9.1::~~~wordpress~~
cpe:/a:infusionsoft_gravity_forms_project:infusionsoft_gravity_forms:1.5.9.2::~~~wordpress~~
cpe:/a:infusionsoft_gravity_forms_project:infusionsoft_gravity_forms:1.5.9.3::~~~wordpress~~
cpe:/a:infusionsoft_gravity_forms_project:infusionsoft_gravity_forms:1.5.9.4::~~~wordpress~~
cpe:/a:infusionsoft_gravity_forms_project:infusionsoft_gravity_forms:1.5.9.5::~~~wordpress~~
cpe:/a:infusionsoft_gravity_forms_project:infusionsoft_gravity_forms:1.5.10::~~~wordpress~~

Date published: 2014-09-26T17:55:07.097-04:00

Date last modified: 2015-10-01T13:08:44.133-04:00

CVSS Score: 7.5

Principal attack vector: NETWORK

Complexity:  LOW

Reference URL: http://packetstormsecurity.com/files/131002/Wordpress-InfusionSoft-Shell-Upload.html

Summary: The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for WordPress does not properly restrict access, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code via a request to utilities/code_generator.php.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.