CVE-2015-1785
MEDIUM
NextGEN Gallery < 2.0.77.3 - Unauthenticated Arbitrary File Upload and Cross-Site Request Forgery
Title source: llm
Description
In the nextgen-gallery WordPress plugin before 2.0.77.3, there are two vulnerabilities that can allow an attacker to gain full access to the web application. The vulnerabilities lie in how the application validates user-uploaded files and in the lack of security measures preventing unwanted HTTP requests.
References (2)
Core References
Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/c894727a-b779-4583-a860-13c2c27275d4
Exploit, Third Party Advisory x_refsource_misc
https://blog.nettitude.com/uk/crsf-and-unsafe-arbitrary-file-upload-in-nextgen-gallery-plugin-for-wordpress
Scores
CVSS v3
6.5
EPSS
0.0060
EPSS Percentile
44.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Details
CWE
CWE-352
CWE-434
Status
published
Products (1)
imagely/nextgen_gallery
< 2.0.77.3
Published
Jul 07, 2022
Tracked Since
Feb 18, 2026