CVE-2023-3279: Path Traversal in Nextgen Gallery

CWE-22: Path Traversal | 3 documents | 3 sources
Severity: 4.9 MEDIUM (NVD)
EPSS: 0.9% (top 24.01%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Oct 16

Description

The WordPress Gallery Plugin WordPress plugin before 3.39 does not validate some block attributes before using them to generate paths passed to include function(s), allowing Admin users to perform Local File Inclusion (LFI) attacks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.2 | Impact: 3.6

Affected Packages: 1 package

🔴 Vulnerability Details (2)

CVEList: NextGEN Gallery < 3.39 - Admin+ Local File Inclusion (2023-10-16)
GHSA: GHSA-q438-9265-rccj: The WordPress Gallery Plugin WordPress plugin before 3 (2023-10-16)