CVE-2024-32778
Published 2024-06-09
CVE-2024-32778: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery…
Priority: P277 · high · 8.1 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
ITW · VulnCheck KEV
Exploited in the wild
EPSS: 0.61% (44.8th percentile)
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery. This issue affects Contest Gallery: from n/a through <= 21.3.4.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| contest-gallery | contest_gallery | < 21.3.5 | 21.3.5 |
| wasiliy_strecker | contestgallery_developer_contest_gallery | <= 21.3.4 | — |
CVSS provenance
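| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |
| vulncheck | — | 8.1 | HIGH | — |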
GHSA
GHSA-hrhv-26jc-hh6q: Missing Authorization vulnerability in Contest Gallery
ghsa_unreviewed · 2024-06-09
CVE-2024-32778 [HIGH] CWE-22 GHSA-hrhv-26jc-hh6q: Missing Authorization vulnerability in Contest Gallery
Missing Authorization vulnerability in Contest Gallery. This issue affects Contest Gallery: from n/a through 21.3.4.
VulnCheck
Contest Gallery Plugin Arbitrary File Deletion
vulncheck · 2024 · CVSS 8.1
CVE-2024-32778 [HIGH] Contest Gallery Plugin Arbitrary File Deletion
Missing Authorization vulnerability in Contest Gallery. This issue affects Contest Gallery: from n/a through 21.3.4.
Affected: Wasiliy Strecker Contest Gallery
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://patchstack.com/database/wordpress/plugin/contest-gallery/vulnerability/wordpress-contest-gallery-plugin-21-3-4-arbitrary-file-deletion-vulnerability
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://patchstack.com/database/Wordpress/Plugin/contest-gallery/vulnerability/wordpress-contest-gallery-plugin-21-3-4-arbitrary-file-deletion-vulnerability?_s_id=cve
https://patchstack.com/database/vulnerability/contest-gallery/wordpress-contest-gallery-plugin-21-3-4-arbitrary-file-deletion-vulnerability?_s_id=cve
2024-06-09: Published
Exploited in the wild