CVE-2016-6565 in NextGEN Galleryinformazioni

Riassunto

di MITRE

The Imagely NextGen Gallery plugin for Wordpress prior to version 2.1.57 does not properly validate user input in the cssfile parameter of a HTTP POST request, which may allow an authenticated user to read arbitrary files from the server, or execute arbitrary code on the server in some circumstances (dependent on server configuration).

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Prenotare

03/08/2016

Divulgazione

13/07/2018

Moderazione

accettato

Voce

VDB-121447

CPE

pronto

CWE

CWE-20 (confermato)

CVSS

7.5 (NVD)

EPSS

0.02538

KEV

Attività

molto basso

Settore

Agriculture, Lawfirm, ...

Fonti

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-6565
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-6565
CVE Details	https://www.cvedetails.com/cve/CVE-2016-6565/

◂ Precedente Visione D'ensemble Il prossimo ▸

Interested in the pricing of exploits?

See the underground prices here!