CVE-2015-9538

MEDIUM

Imagely Nextgen Gallery < 2.1.15 - Path Traversal

Title source: rule

Description

The NextGEN Gallery plugin before 2.1.15 for WordPress allows ../ Directory Traversal in path selection.

Exploits (1)

metasploit WORKING POC

by Sathish Kumar · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/wp_nextgen_galley_file_read.rb

View Code ZIP pw:eip

References (7)

[Exploit, Third Party Advisory] https://cxsecurity.com/issue/WLB-2015080165

[Exploit, Third Party Advisory] https://cybersecurityworks.com/zerodays/cve-2015-9538-nextgen.html

[Exploit, Third Party Advisory] https://github.com/cybersecurityworks/Disclosed/issues/2

[Exploit, Third Party Advisory, VDB Entry] https://packetstormsecurity.com/files/135114/WordPress-NextGEN-Gallery-2.1.15-Cross-Site-Scripting-Path-Traversal.html

[Release Notes, Third Party Advisory] https://wordpress.org/plugins/nextgen-gallery/#developers

[Exploit, Mailing List, Third Party Advisory] https://www.openwall.com/lists/oss-security/2015/08/28/4

[Mailing List, Third Party Advisory] https://www.openwall.com/lists/oss-security/2015/09/01/7

Scores

CVSS v3 6.5

EPSS 0.7025

EPSS Percentile 98.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-22

Status published

Products (1)

imagely/nextgen_gallery < 2.1.15

Published Nov 26, 2019

Tracked Since Feb 18, 2026