Description
In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress, an unrestricted file upload (CWE-434) is possible via the name parameter if the uploaded file's extension is changed from .jpg to .php.
References (6)
Vendor Advisory: https://github.com/cybersecurityworks/Disclosed/issues/6
Third Party Advisory, VDB Entry: https://packetstormsecurity.com/files/135061/WordPress-NextGEN-Gallery-2.1.10-Shell-Upload.html
Vendor Advisory: https://wordpress.org/plugins/nextgen-gallery/#developers
Mailing List, Third Party Advisory: http://www.openwall.com/lists/oss-security/2015/10/27/6
Various Sources: https://cybersecurityworks.com/zerodays/cve-2015-9228-crony.html
Third Party Advisory: https://wpvulndb.com/vulnerabilities/9758
Scores
CVSS v3: 8.8
EPSS: 0.0504
EPSS Percentile: 89.8%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-434
Status: published
Products (50)
imagely/nextgen_gallery 1.5.0
imagely/nextgen_gallery 1.5.1
imagely/nextgen_gallery 1.5.2
imagely/nextgen_gallery 1.5.3
imagely/nextgen_gallery 1.5.4
imagely/nextgen_gallery 1.5.5
imagely/nextgen_gallery 1.6.0
imagely/nextgen_gallery 1.6.1
imagely/nextgen_gallery 1.6.2
imagely/nextgen_gallery 1.7.0
... and 40 more
Published: Sep 12, 2017
Tracked Since: Feb 18, 2026