The Imagely NextGen Gallery plugin for WordPress prior to version 2.1.57 does not properly validate user input in the cssfile parameter of an HTTP POST request, which may allow an authenticated user to read arbitrary files from the server, or execute arbitrary code on the server in some circumstances (dependent on server configuration).
References
Link | Resource |
---|---|
https://www.kb.cert.org/vuls/id/346175 | Third Party Advisory, US Government Resource |
https://www.securityfocus.com/bid/94356/ | Third Party Advisory, VDB Entry |
History
21 Nov 2024, 02:56
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.kb.cert.org/vuls/id/346175 - Third Party Advisory, US Government Resource | |
References | () https://www.securityfocus.com/bid/94356/ - Third Party Advisory, VDB Entry | |
Information
Published : 2018-07-13 20:29
Updated : 2024-11-21 02:56
NVD link : CVE-2016-6565
Mitre link : CVE-2016-6565
CVE.ORG link : CVE-2016-6565
Products Affected
imagely
- nextgen_gallery