PT-2017-7556 · Photocrati · Photocrati Nextgen Gallery

Sathish

Publicado

2017-09-12

Atualizado

2020-10-29

CVE-2015-9228

CVSS v2.0

9.0

Alta

Vetor

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Photocrati NextGEN Gallery plugin version 2.1.10

Description The issue concerns unrestricted file upload in the Photocrati NextGEN Gallery plugin for WordPress. This is achieved by modifying the file extension, for example, from .jpg to .php, using the name parameter in post-new.php.

Recommendations For version 2.1.10, consider restricting file uploads to only allowed extensions to prevent potential exploitation. As a temporary workaround, restrict access to the post-new.php file until a patch is available. Avoid using the name parameter in the affected endpoint until the issue is resolved.

Correção

Unrestricted File Upload

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-434

Identificadores relacionados

CVE-2015-9228

Produtos afetados

Photocrati Nextgen Gallery

PT-2017-7556 · Photocrati · Photocrati Nextgen Gallery

CVE-2015-9228

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8