admin/partials/wp-splashing-admin-main.php in the Splashing Images plugin (wp-splashing-images) prior to 2.1.1 for WordPress allows authenticated (administrator, editor, or author) remote malicious users to conduct PHP Object Injection attacks via crafted serialized data in the 'session' HTTP GET parameter to wp-admin/upload.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
splashing images project splashing images |