11 Sep 2017
CVE-2015-8351 - CVE Vulnerability
PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1.5.4 for WordPress, when allow_url_include is enabled, allows remote authenticated users to execute arbitrary PHP code via a URL in the abspath parameter to frontend/captcha/ajaxresponse.php. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences regardless of whether allow_url_include is enabled. (CVSS:0.0) (Last Update:2017-09-11)
Vulnerability Details : PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1.5.4 for WordPress, when allow_url_include is enabled, allows remote authenticated users to execute arbitrary PHP code via a URL in the abspath parameter to frontend/captcha/ajaxresponse.php. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences regardless of whether allow_url_include is enabled. Publish Date : 2017-09-11 Last Update Date : 2017-09-11 - CVSS Scores & Vulnerability Types
- Products Affected By CVE-2015-8351
- References For CVE-2015-8351
| ||||||||||||||||||||||||||||||||||||||||||||||||||
- Metasploit Modules Related To CVE-2015-8351There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information) |