CVE-2015-9538

MEDIUM

NextGEN Gallery < 2.1.15 - Path Traversal via Path Selection

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-9538. PoCs published by Sathish Kumar, including Metasploit module auxiliary/scanner/http/wp_nextgen_galley_file_read.

AI-analyzed exploit summary: This Metasploit module exploits an authenticated directory traversal vulnerability in WordPress NextGEN Gallery plugin version 2.1.7, allowing arbitrary directory reading with web server privileges. It requires valid WordPress credentials and leverages a nonce-based authentication mechanism.

Description

The NextGEN Gallery plugin before 2.1.15 for WordPress allows ../ Directory Traversal in path selection.

Exploits (1)

metasploit WORKING POC
by Sathish Kumar · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/wp_nextgen_galley_file_read.rb

Classification: Working Poc 95%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: WordPress NextGEN Gallery plugin version 2.1.7
Auth required
Prerequisites: Valid WordPress credentials · NextGEN Gallery plugin version 2.1.7 installed
devstral-2 · analyzed Feb 16, 2026

References (7)

Core References
Release Notes, Third Party Advisory x_refsource_misc
https://wordpress.org/plugins/nextgen-gallery/#developers
Exploit, Third Party Advisory x_refsource_misc
https://github.com/cybersecurityworks/Disclosed/issues/2
Exploit, Third Party Advisory x_refsource_misc
https://cxsecurity.com/issue/WLB-2015080165
Exploit, Mailing List, Third Party Advisory x_refsource_misc
https://www.openwall.com/lists/oss-security/2015/08/28/4
Mailing List, Third Party Advisory x_refsource_misc
https://www.openwall.com/lists/oss-security/2015/09/01/7
Exploit, Third Party Advisory x_refsource_misc
https://cybersecurityworks.com/zerodays/cve-2015-9538-nextgen.html

Scores

CVSS v3: 6.5
EPSS: 0.7025
EPSS Percentile: 98.7%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE: CWE-22
Status: published
Products (1): imagely/nextgen_gallery < 2.1.15
Published: Nov 26, 2019
Tracked Since: Feb 18, 2026