Is CVE-2015-1172 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Holding_pattern_project Holding_pattern

CVE-2015-1172

Unrestricted file upload vulnerability in admin/upload-file.php in the Holding Pattern theme (aka holding_pattern) 0.6 and earlier for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension…

EPSS: 0.812 (99.2th percentile) — read the EPSS interpretation.

Affected products

Holding_pattern_project Holding_pattern
N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework
20142995/nuclei-templates
ARPSyndicate/cvemon

References

cve@mitre.org (x_refsource_MISC)
cve@mitre.org (x_refsource_MISC)
72546 (vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2015-1172?: CVE-2015-1172 is a vulnerability in Holding_pattern_project Holding_pattern. Published 2015-02-11.
Is CVE-2015-1172 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.