Home > Vulnerability Database > CVE-2015-10087

Mend Vulnerability Database

CVE-2015-10087

Good to know:

Date: March 7, 2023

** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in UpThemes Theme DesignFolio Plus 1.2 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 53f6ae62878076f99718e5feb589928e83c879a9. It is recommended to apply a patch to fix this issue. The identifier VDB-221809 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Language: PHP

Severity Score

8.8

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2015-10087

Url: https://www.exploit-db.com/exploits/36372

Url: https://github.com/CCrashBandicot/exploit/commit/53f6ae62878076f99718e5feb589928e83c879a9

Url: https://support.alertlogic.com/hc/en-us/articles/360028203692-WordPress-Theme-DesignFolio-Plus-1-2-upload-file-php-Arbitrary-File-Upload

Url: https://www.mend.io/vulnerability-database/CVE-2015-10087

Severity Score

8.8

Weakness Type (CWE)

Unrestricted Upload of File with Dangerous Type

CWE-434

Top Fix

Upgrade Version

No fix version available

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend Vulnerability Database

We found results for “”

CVE-2015-10087

Good to know:

Date: March 7, 2023

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?