CVE-2016-6565

The Imagely NextGen Gallery plugin for Wordpress prior to version 2.1.57 does not properly validate user input in the cssfile parameter of a HTTP POST request, which may allow an authenticated user to read arbitrary files from the server, or execute arbitrary code on the server in some circumstances (dependent on server configuration).
References
Link Resource
https://www.kb.cert.org/vuls/id/346175 Third Party Advisory US Government Resource
https://www.securityfocus.com/bid/94356/ Third Party Advisory VDB Entry
https://www.kb.cert.org/vuls/id/346175 Third Party Advisory US Government Resource
https://www.securityfocus.com/bid/94356/ Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:imagely:nextgen_gallery:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 02:56

Type Values Removed Values Added
References () https://www.kb.cert.org/vuls/id/346175 - Third Party Advisory, US Government Resource () https://www.kb.cert.org/vuls/id/346175 - Third Party Advisory, US Government Resource
References () https://www.securityfocus.com/bid/94356/ - Third Party Advisory, VDB Entry () https://www.securityfocus.com/bid/94356/ - Third Party Advisory, VDB Entry

Information

Published : 2018-07-13 20:29

Updated : 2024-11-21 02:56


NVD link : CVE-2016-6565

Mitre link : CVE-2016-6565

CVE.ORG link : CVE-2016-6565


JSON object : View

Products Affected

imagely

  • nextgen_gallery
CWE
CWE-98

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

CWE-20

Improper Input Validation