CVE-2015-1784Unrestricted File Upload in Nextgen Gallery

CWE-434Unrestricted File Upload4 documents4 sources
Severity
8.8HIGHNVD
EPSS
1.2%
top 21.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Imagely Nextgen Gallery
Timeline
PublishedJul 7
Latest updateJul 8

Description

In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the application validates user uploaded files and lack of security measures preventing unwanted HTTP requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

NVDimagely/nextgen_gallery< 2.0.77.3

🔴Vulnerability Details

2
GHSA
GHSA-7vwp-37h2-j956: In nextgen-galery wordpress plugin before 22022-07-08
CVEList
CVE-2015-1784: In nextgen-galery wordpress plugin before 22022-07-07

💬Community

1
Bugzilla
CVE-2015-2158 pngcrush: pngcrush_measure_idat() off-by-one error2015-03-03
CVE-2015-1784 — Unrestricted File Upload | cvebase