CVE-2015-9228Unrestricted File Upload in Nextgen Gallery

CWE-434Unrestricted File Upload3 documents3 sources
Severity
8.8HIGHNVD
EPSS
5.0%
top 10.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Imagely Nextgen Gallery
Timeline
PublishedSep 12
Latest updateMay 13

Description

In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress, unrestricted file upload is available via the name parameter, if a file extension is changed from .jpg to .php.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

NVDimagely/nextgen_gallery70 versions+69

🔴Vulnerability Details

2
GHSA
GHSA-vf4x-h7cf-4594: In post-new2022-05-13
CVEList
CVE-2015-9228: In post-new2017-09-12
CVE-2015-9228 — Unrestricted File Upload | cvebase