6.5

CVE-2014-2558

Exploit

File Gallery < 1.7.9.2 - Remote Code Execution

The File Gallery plugin before 1.7.9.2 for WordPress does not properly escape strings, which allows remote administrators to execute arbitrary PHP code via a \' (backslash quote) in the setting fields to /wp-admin/options-media.php, related to the create_function function.
Mögliche Gegenmaßnahme
File Gallery: Update to version 1.7.9.2, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt File Gallery
Version [*, 1.7.9.2)
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SkypheFile-gallery SwPlatformwordpress Version <= 1.7.9
SkypheFile-gallery Version1.1 SwPlatformwordpress
SkypheFile-gallery Version1.2 SwPlatformwordpress
SkypheFile-gallery Version1.3 SwPlatformwordpress
SkypheFile-gallery Version1.4 SwPlatformwordpress
SkypheFile-gallery Version1.5 SwPlatformwordpress
SkypheFile-gallery Version1.5 Updatea SwPlatformwordpress
SkypheFile-gallery Version1.5 Updateb SwPlatformwordpress
SkypheFile-gallery Version1.5 Updateb2 SwPlatformwordpress
SkypheFile-gallery Version1.5 Updateb3 SwPlatformwordpress
SkypheFile-gallery Version1.5 Updaterc1 SwPlatformwordpress
SkypheFile-gallery Version1.5.1 SwPlatformwordpress
SkypheFile-gallery Version1.5.2 SwPlatformwordpress
SkypheFile-gallery Version1.5.3 SwPlatformwordpress
SkypheFile-gallery Version1.5.4 SwPlatformwordpress
SkypheFile-gallery Version1.5.5 SwPlatformwordpress
SkypheFile-gallery Version1.5.6 SwPlatformwordpress
SkypheFile-gallery Version1.5.7 SwPlatformwordpress
SkypheFile-gallery Version1.5.8 Update- SwPlatformwordpress
SkypheFile-gallery Version1.5.8 Updateb1 SwPlatformwordpress
SkypheFile-gallery Version1.5.8 Updateb2 SwPlatformwordpress
SkypheFile-gallery Version1.5.9 SwPlatformwordpress
SkypheFile-gallery Version1.6 SwPlatformwordpress
SkypheFile-gallery Version1.6.0.1 SwPlatformwordpress
SkypheFile-gallery Version1.6.2 SwPlatformwordpress
SkypheFile-gallery Version1.6.3 SwPlatformwordpress
SkypheFile-gallery Version1.6.4 SwPlatformwordpress
SkypheFile-gallery Version1.6.4.1 SwPlatformwordpress
SkypheFile-gallery Version1.6.5 SwPlatformwordpress
SkypheFile-gallery Version1.6.5.1 SwPlatformwordpress
SkypheFile-gallery Version1.6.5.2 SwPlatformwordpress
SkypheFile-gallery Version1.6.5.3 SwPlatformwordpress
SkypheFile-gallery Version1.6.5.4 SwPlatformwordpress
SkypheFile-gallery Version1.6.5.5 SwPlatformwordpress
SkypheFile-gallery Version1.6.5.6 SwPlatformwordpress
SkypheFile-gallery Version1.6.6 Updatebeta SwPlatformwordpress
SkypheFile-gallery Version1.7 Update- SwPlatformwordpress
SkypheFile-gallery Version1.7 Updaterc10 SwPlatformwordpress
SkypheFile-gallery Version1.7 Updaterc11 SwPlatformwordpress
SkypheFile-gallery Version1.7 Updaterc12 SwPlatformwordpress
SkypheFile-gallery Version1.7 Updaterc13 SwPlatformwordpress
SkypheFile-gallery Version1.7 Updaterc14 SwPlatformwordpress
SkypheFile-gallery Version1.7 Updaterc3 SwPlatformwordpress
SkypheFile-gallery Version1.7 Updaterc4 SwPlatformwordpress
SkypheFile-gallery Version1.7 Updaterc5 SwPlatformwordpress
SkypheFile-gallery Version1.7 Updaterc6 SwPlatformwordpress
SkypheFile-gallery Version1.7 Updaterc7 SwPlatformwordpress
SkypheFile-gallery Version1.7 Updaterc8 SwPlatformwordpress
SkypheFile-gallery Version1.7 Updaterc9 SwPlatformwordpress
SkypheFile-gallery Version1.7.1 SwPlatformwordpress
SkypheFile-gallery Version1.7.2 SwPlatformwordpress
SkypheFile-gallery Version1.7.3 SwPlatformwordpress
SkypheFile-gallery Version1.7.4 Update- SwPlatformwordpress
SkypheFile-gallery Version1.7.4 Updaterc2 SwPlatformwordpress
SkypheFile-gallery Version1.7.4.1 SwPlatformwordpress
SkypheFile-gallery Version1.7.5 Update- SwPlatformwordpress
SkypheFile-gallery Version1.7.5 Updatebeta1 SwPlatformwordpress
SkypheFile-gallery Version1.7.5 Updatebeta2 SwPlatformwordpress
SkypheFile-gallery Version1.7.5.1 SwPlatformwordpress
SkypheFile-gallery Version1.7.5.3 SwPlatformwordpress
SkypheFile-gallery Version1.7.6 SwPlatformwordpress
SkypheFile-gallery Version1.7.7 SwPlatformwordpress
SkypheFile-gallery Version1.7.8 SwPlatformwordpress
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.47% 0.64
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 8 6.4
AV:N/AC:L/Au:S/C:P/I:P/A:P
CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.