CVE-2015-5682

EUVD-2015-5632
upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote attackers to create arbitrary directories via vectors related to the targetDir variable.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 49%
Affected Products (NVD)
VendorProductVersion
powerplay_gallery_projectpowerplay_gallery
3.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2015/07/27/8
http://www.vapid.dhs.org/advisory.php?v=132
http://www.openwall.com/lists/oss-security/2015/07/27/8
http://www.vapid.dhs.org/advisory.php?v=132