CVE-2015-9228
- EPSS 3.73%
- Published 12.09.2017 08:29:00
- Last modified 13.05.2026 00:24:29
- Source cve@mitre.org
NextGen Gallery <= 2.1.10 - Unrestricted File Upload
In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress, unrestricted file upload is available via the name parameter, if a file extension is changed from .jpg to .php.
Possible mitigation
Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery: Update to version 2.1.15, or a newer patched version
Data provided by the National Vulnerability Database (NVD)
Imagely ≫ Nextgen Gallery, Version 1.5.0, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 1.5.1, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 1.5.2, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 1.5.3, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 1.5.4, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 1.5.5, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 1.6.0, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 1.6.1, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 1.6.2, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 1.7.0, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 1.7.1, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 1.7.2, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 1.7.3, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 1.7.4, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 1.8.0, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 1.8.1, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 1.8.2, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 1.8.3, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 1.8.4, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 1.9.0, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 1.9.1, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 1.9.2, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 1.9.3, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 1.9.5, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 1.9.6, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 1.9.7, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 1.9.8, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 1.9.10, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 1.9.11, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 1.9.12, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 1.9.13, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 2.0, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 2.0.7, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 2.0.11, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 2.0.14, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 2.0.17, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 2.0.21, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 2.0.23, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 2.0.25, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 2.0.27, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 2.0.30, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 2.0.31, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 2.0.33, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 2.0.40, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 2.0.57, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 2.0.58, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 2.0.59, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 2.0.61, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 2.0.63, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 2.0.65, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 2.0.66, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 2.0.66.16, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 2.0.66.17, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 2.0.66.26, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 2.0.66.27, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 2.0.66.29, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 2.0.66.31, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 2.0.66.33, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 2.0.71, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 2.0.74, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 2.0.76, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 2.0.77, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 2.0.78, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 2.0.78.1, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 2.0.79, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 2.1.0, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 2.1.2, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 2.1.7, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 2.1.9, SwPlatform wordpress
Imagely ≫ Nextgen Gallery, Version 2.1.10, SwPlatform wordpress
Further vulnerability information
System: WordPress Plugin ≫ Product: Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery ≫ Version: *-2.1.10
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.73% | 0.884 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd@nist.gov | 9 | 8 | 10 | AV:N/AC:L/Au:S/C:C/I:C/A:C |
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
http://www.openwall.com/lists/oss-security/2015/10/27/6
https://cybersecurityworks.com/zerodays/cve-2015-9228-crony.html
https://github.com/cybersecurityworks/Disclosed/issues/6
https://packetstormsecurity.com/files/135061/WordPress-NextGEN-Gallery-2.1.10-Shell-Upload.html
https://wordpress.org/plugins/nextgen-gallery/#developers
https://wpvulndb.com/vulnerabilities/9758
https://www.wordfence.com/threat-intel/vulnerabilities/id/9622c839-a1dd-4633-8a9c-cec41d1041ff