Description
A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload and Local File Inclusion via settings modification, leading to Remote Code Execution and XSS. (It is possible to bypass CSRF protection by simply not including a nonce parameter.)
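The parenthetical above describes the bug class precisely: a handler that validates the nonce only when one is present, so a forged request that simply omits the parameter is accepted. The following is an added illustration of that pattern beside its fix, not code from NextGEN Gallery; the nonce scheme is a simplified model of WordPress-style tick-based HMAC nonces (action and user bound, valid for the current and previous half-life tick), and the `ACTION`, `SECRET`, `apply_settings` and the forged request body are constructed for the demo.

```python
import hashlib
import hmac
import math
import time

# Constructed demo values; a real site would use its own salts and action names.
SECRET = b"demo-site-salt-not-for-production"
ACTION = "ngg_update_settings"      # hypothetical settings-save action
NONCE_LIFE = 24 * 60 * 60           # one day, split into two ticks


def _tick(now=None):
    """Tick counter; a nonce is accepted for the current and the previous tick."""
    now = time.time() if now is None else now
    return math.ceil(now / (NONCE_LIFE / 2))


def _nonce_for_tick(tick, action, user_id):
    msg = f"{tick}|{action}|{user_id}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[-12:]


def create_nonce(action, user_id, now=None):
    return _nonce_for_tick(_tick(now), action, user_id)


def verify_nonce(nonce, action, user_id, now=None):
    """True only if nonce matches this action/user for the current or previous tick."""
    if not nonce:
        return False
    t = _tick(now)
    for tick in (t, t - 1):
        if hmac.compare_digest(nonce, _nonce_for_tick(tick, action, user_id)):
            return True
    return False


def apply_settings(params):
    # Stand-in for the privileged side effect (writing plugin settings).
    return "settings updated"


def vulnerable_handler(params, user_id, now=None):
    """Flawed pattern (hypothetical reconstruction of the bug class): the nonce is
    checked only when the request carries one, so omitting it bypasses the check."""
    if "nonce" in params and not verify_nonce(params["nonce"], ACTION, user_id, now):
        return "rejected"
    return apply_settings(params)


def fixed_handler(params, user_id, now=None):
    """Hardened pattern: a missing nonce fails verification like a wrong one."""
    if not verify_nonce(params.get("nonce"), ACTION, user_id, now):
        return "rejected"
    return apply_settings(params)


# Constructed body of a cross-site request: what a logged-in admin's browser would
# send if an attacker's page auto-submitted a form to the settings endpoint.
FORGED_REQUEST = {"gallery_path": "../../"}

if __name__ == "__main__":
    now = 1_600_000_000
    print("vulnerable:", vulnerable_handler(FORGED_REQUEST, 1, now))   # settings updated
    print("fixed:     ", fixed_handler(FORGED_REQUEST, 1, now))        # rejected
    good = create_nonce(ACTION, 1, now)
    print("fixed+nonce:", fixed_handler({"nonce": good, "gallery_path": "x"}, 1, now))
```

The forged request carries no nonce at all, so `vulnerable_handler` never reaches the verification branch and applies the settings; `fixed_handler` treats an absent nonce as a failed check. A correct handler should also confirm the caller's capability (e.g. an administrator-only check) in addition to the nonce, since a nonce alone is not an authorization decision.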
References
- Exploit; Third Party Advisory
- Exploit; Third Party Advisory
Vulnerable configurations
Configuration 1: version before 3.5.0 (exclusive)
cpe:2.3:a:imagely:nextgen_gallery:*:*:*:*:*:wordpress:*:*
EPSS
Percentile: 54%
Score: 0.00311 (Low)
CVSS3
8.8 High
CVSS2
6.8 Medium
Weaknesses
CWE-79 (Improper Neutralization of Input During Web Page Generation, 'Cross-site Scripting')
Related vulnerabilities
- github, more than 3 years ago: same description; EPSS 0.00311 (percentile 54%, Low); CVSS3 8.8 High; CVSS2 6.8 Medium; CWE-79