CVE-2014-2558

Опубликовано: 06 мая 2014

Источник: nvd

CVSS2: 6.5

EPSS Низкий

Описание

The File Gallery plugin before 1.7.9.2 for WordPress does not properly escape strings, which allows remote administrators to execute arbitrary PHP code via a ' (backslash quote) in the setting fields to /wp-admin/options-media.php, related to the create_function function.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:skyphe:file-gallery:*:*:*:*:*:wordpress:*:*

Версия до 1.7.9 (включая)

cpe:2.3:a:skyphe:file-gallery:1.1:*:*:*:*:wordpress:*:*

cpe:2.3:a:skyphe:file-gallery:1.2:*:*:*:*:wordpress:*:*

cpe:2.3:a:skyphe:file-gallery:1.3:*:*:*:*:wordpress:*:*

cpe:2.3:a:skyphe:file-gallery:1.4:*:*:*:*:wordpress:*:*

cpe:2.3:a:skyphe:file-gallery:1.5:*:*:*:*:wordpress:*:*

cpe:2.3:a:skyphe:file-gallery:1.5:a:*:*:*:wordpress:*:*

cpe:2.3:a:skyphe:file-gallery:1.5:b:*:*:*:wordpress:*:*

cpe:2.3:a:skyphe:file-gallery:1.5:b2:*:*:*:wordpress:*:*

cpe:2.3:a:skyphe:file-gallery:1.5:b3:*:*:*:wordpress:*:*

cpe:2.3:a:skyphe:file-gallery:1.5:rc1:*:*:*:wordpress:*:*

cpe:2.3:a:skyphe:file-gallery:1.5.1:*:*:*:*:wordpress:*:*

cpe:2.3:a:skyphe:file-gallery:1.5.2:*:*:*:*:wordpress:*:*

cpe:2.3:a:skyphe:file-gallery:1.5.3:*:*:*:*:wordpress:*:*

cpe:2.3:a:skyphe:file-gallery:1.5.4:*:*:*:*:wordpress:*:*

cpe:2.3:a:skyphe:file-gallery:1.5.5:*:*:*:*:wordpress:*:*

cpe:2.3:a:skyphe:file-gallery:1.5.6:*:*:*:*:wordpress:*:*

cpe:2.3:a:skyphe:file-gallery:1.5.7:*:*:*:*:wordpress:*:*

cpe:2.3:a:skyphe:file-gallery:1.5.8:-:*:*:*:wordpress:*:*

cpe:2.3:a:skyphe:file-gallery:1.5.8:b1:*:*:*:wordpress:*:*

cpe:2.3:a:skyphe:file-gallery:1.5.8:b2:*:*:*:wordpress:*:*

cpe:2.3:a:skyphe:file-gallery:1.5.9:*:*:*:*:wordpress:*:*

cpe:2.3:a:skyphe:file-gallery:1.6:*:*:*:*:wordpress:*:*

cpe:2.3:a:skyphe:file-gallery:1.6.0.1:*:*:*:*:wordpress:*:*

cpe:2.3:a:skyphe:file-gallery:1.6.2:*:*:*:*:wordpress:*:*

cpe:2.3:a:skyphe:file-gallery:1.6.3:*:*:*:*:wordpress:*:*

cpe:2.3:a:skyphe:file-gallery:1.6.4:*:*:*:*:wordpress:*:*

cpe:2.3:a:skyphe:file-gallery:1.6.4.1:*:*:*:*:wordpress:*:*

cpe:2.3:a:skyphe:file-gallery:1.6.5:*:*:*:*:wordpress:*:*

cpe:2.3:a:skyphe:file-gallery:1.6.5.1:*:*:*:*:wordpress:*:*

cpe:2.3:a:skyphe:file-gallery:1.6.5.2:*:*:*:*:wordpress:*:*

cpe:2.3:a:skyphe:file-gallery:1.6.5.3:*:*:*:*:wordpress:*:*

cpe:2.3:a:skyphe:file-gallery:1.6.5.4:*:*:*:*:wordpress:*:*

cpe:2.3:a:skyphe:file-gallery:1.6.5.5:*:*:*:*:wordpress:*:*

cpe:2.3:a:skyphe:file-gallery:1.6.5.6:*:*:*:*:wordpress:*:*

cpe:2.3:a:skyphe:file-gallery:1.6.6:beta:*:*:*:wordpress:*:*

cpe:2.3:a:skyphe:file-gallery:1.7:-:*:*:*:wordpress:*:*

cpe:2.3:a:skyphe:file-gallery:1.7:rc10:*:*:*:wordpress:*:*

cpe:2.3:a:skyphe:file-gallery:1.7:rc11:*:*:*:wordpress:*:*

cpe:2.3:a:skyphe:file-gallery:1.7:rc12:*:*:*:wordpress:*:*

cpe:2.3:a:skyphe:file-gallery:1.7:rc13:*:*:*:wordpress:*:*

cpe:2.3:a:skyphe:file-gallery:1.7:rc14:*:*:*:wordpress:*:*

cpe:2.3:a:skyphe:file-gallery:1.7:rc3:*:*:*:wordpress:*:*

cpe:2.3:a:skyphe:file-gallery:1.7:rc4:*:*:*:wordpress:*:*

cpe:2.3:a:skyphe:file-gallery:1.7:rc5:*:*:*:wordpress:*:*

cpe:2.3:a:skyphe:file-gallery:1.7:rc6:*:*:*:wordpress:*:*

cpe:2.3:a:skyphe:file-gallery:1.7:rc7:*:*:*:wordpress:*:*

cpe:2.3:a:skyphe:file-gallery:1.7:rc8:*:*:*:wordpress:*:*

cpe:2.3:a:skyphe:file-gallery:1.7:rc9:*:*:*:wordpress:*:*

cpe:2.3:a:skyphe:file-gallery:1.7.1:*:*:*:*:wordpress:*:*

cpe:2.3:a:skyphe:file-gallery:1.7.2:*:*:*:*:wordpress:*:*

cpe:2.3:a:skyphe:file-gallery:1.7.3:*:*:*:*:wordpress:*:*

cpe:2.3:a:skyphe:file-gallery:1.7.4:-:*:*:*:wordpress:*:*

cpe:2.3:a:skyphe:file-gallery:1.7.4:rc2:*:*:*:wordpress:*:*

cpe:2.3:a:skyphe:file-gallery:1.7.4.1:*:*:*:*:wordpress:*:*

cpe:2.3:a:skyphe:file-gallery:1.7.5:-:*:*:*:wordpress:*:*

cpe:2.3:a:skyphe:file-gallery:1.7.5:beta1:*:*:*:wordpress:*:*

cpe:2.3:a:skyphe:file-gallery:1.7.5:beta2:*:*:*:wordpress:*:*

cpe:2.3:a:skyphe:file-gallery:1.7.5.1:*:*:*:*:wordpress:*:*

cpe:2.3:a:skyphe:file-gallery:1.7.5.3:*:*:*:*:wordpress:*:*

cpe:2.3:a:skyphe:file-gallery:1.7.6:*:*:*:*:wordpress:*:*

cpe:2.3:a:skyphe:file-gallery:1.7.7:*:*:*:*:wordpress:*:*

cpe:2.3:a:skyphe:file-gallery:1.7.8:*:*:*:*:wordpress:*:*

EPSS

Процентиль: 64%

0.0047

Низкий

6.5 Medium

CVSS2

Дефекты

CWE-94

Связанные уязвимости

GHSA-pg2w-hcm2-5fww

github

больше 3 лет назад

The File Gallery plugin before 1.7.9.2 for WordPress does not properly escape strings, which allows remote administrators to execute arbitrary PHP code via a \' (backslash quote) in the setting fields to /wp-admin/options-media.php, related to the create_function function.