NextGEN Gallery <= 2.0.77 - CSRF & Arbitrary File Upload



Description
Two vulnerabilities can allow an attacker to gain full access to the web application. They lie in how the application validates user-uploaded files and in its lack of security measures to prevent unwanted HTTP requests.

Affects Plugin

References

CVE 2015-1784
CVE 2015-1785
URL https://blog.nettitude.com/uk/crsf-and-unsafe-arbitrary-file-upload-in-nextgen-gallery-plugin-for-wordpress

Classification

Type UPLOAD
CWE CWE-434

Miscellaneous

Submitter Louie Augarde
Submitter Twitter Nettitude_com
Views 6469
Verified No
WPVDB ID 7865

Timeline

Publicly Published 2015-03-25 (over 5 years ago)
Added 2015-03-25 (over 5 years ago)
Last Updated 2019-11-25 (8 months ago)
