CVE-2015-1784
HIGH
Imagely Nextgen Gallery < 2.0.77.3 - Unrestricted File Upload
Title source: rule
Description
In the nextgen-gallery WordPress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the application validates user-uploaded files and in the lack of security measures preventing unwanted HTTP requests.
References (2)
Core References
Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/c894727a-b779-4583-a860-13c2c27275d4
Exploit, Third Party Advisory x_refsource_misc
https://blog.nettitude.com/uk/crsf-and-unsafe-arbitrary-file-upload-in-nextgen-gallery-plugin-for-wordpress
Scores
CVSS v3: 8.8
EPSS: 0.0118
EPSS Percentile: 78.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-434
Status: published
Products (1)
imagely/nextgen_gallery < 2.0.77.3
Published: Jul 07, 2022
Tracked Since: Feb 18, 2026