CVE-2015-1785

CWE-434Unrestricted File UploadCWE-352Cross-Site Request Forgery (CSRF)3 documents3 sources
Severity
6.5MEDIUM
EPSS
0.1%
top 72.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Imagely Nextgen Gallery
Timeline
PublishedJul 7
Latest updateJul 8

Description

In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the application validates user uploaded files and lack of security measures preventing unwanted HTTP requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDimagely/nextgen_gallery< 2.0.77.3
CVEListV5nextgen-gallerynextgen-gallery 2.0.77.3

🔴Vulnerability Details

2
GHSA
GHSA-r879-3456-rvxx: In nextgen-galery wordpress plugin before 22022-07-08
CVEList
CVE-2015-1785: In nextgen-galery wordpress plugin before 22022-07-07
CVE-2015-1785 (MEDIUM CVSS 6.5) | In nextgen-galery wordpress plugin | cvebase.io