6.5
CVE-2015-1785
- EPSS 0.6%
- Veröffentlicht 07.07.2022 13:15:07
- Zuletzt bearbeitet 21.11.2024 02:26:07
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
LoginWordPress Gallery Plugin – NextGEN Gallery < 2.0.77.3 - Arbitrary File Upload
In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the application validates user uploaded files and lack of security measures preventing unwanted HTTP requests.
Mögliche Gegenmaßnahme
Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery: Update to version 2.0.77.3, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Imagely ≫ Nextgen Gallery SwPlatformwordpress Version < 2.0.77.3
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery
Version
[*, 2.0.77.3)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.6% | 0.437 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
https://blog.nettitude.com/uk/crsf-and-unsafe-arbitrary-file-upload-in-nextgen-gallery-plugin-for-wordpress
https://wpscan.com/vulnerability/c894727a-b779-4583-a860-13c2c27275d4
https://www.wordfence.com/threat-intel/vulnerabilities/id/41d9de3f-5f49-413d-bee6-a4f9ebcf2799