photo-gallery Plugin till 1.5.34 på WordPress Options.php cross site scripting

inträdeeditHistoryDiffjsonxmlCTI

Det var en problematiskt svag punkt som finns i photo-gallery Plugin till 1.5.34 på WordPress (Photo Gallery Software). Som påverkar en okänd funktion filen admin/controllers/Options.php. En uppgradering till den version 1.5.35 att åtgärda problemet.

Fält	09/09/2019 07:20	15/08/2020 20:47
name	photo-gallery Plugin	photo-gallery Plugin
version	<=1.5.34	<=1.5.34
platform	WordPress	WordPress
file	admin/controllers/Options.php	admin/controllers/Options.php
risk	1	1
cvss2_vuldb_basescore	4.3	4.3
cvss2_vuldb_tempscore	3.7	3.7
cvss2_vuldb_av	N	N
cvss2_vuldb_ac	M	M
cvss2_vuldb_au	N	N
cvss2_vuldb_ci	N	N
cvss2_vuldb_ii	P	P
cvss2_vuldb_ai	N	N
cvss3_meta_basescore	5.2	5.2
cvss3_meta_tempscore	4.9	4.9
cvss3_vuldb_basescore	4.3	4.3
cvss3_vuldb_tempscore	4.1	4.1
cvss3_vuldb_av	N	N
cvss3_vuldb_ac	L	L
cvss3_vuldb_pr	N	N
cvss3_vuldb_ui	R	R
cvss3_vuldb_s	U	U
cvss3_vuldb_c	N	N
cvss3_vuldb_i	L	L
cvss3_vuldb_a	N	N
date	1567900800 (08/09/2019)	1567900800 (08/09/2019)
price_0day	$0-$5k	$0-$5k
name	Upgrade	Upgrade
upgrade_version	1.5.35	1.5.35
cve	CVE-2019-16118	CVE-2019-16118
seealso	141401 141403	141401 141403
cvss2_vuldb_e	ND	ND
cvss2_vuldb_rl	OF	OF
cvss2_vuldb_rc	ND	ND
cvss3_vuldb_e	X	X
cvss3_vuldb_rl	O	O
cvss3_vuldb_rc	X	X
cvss3_nvd_basescore	6.1	6.1
type		Photo Gallery Software
cwe	0	79 (cross site scripting)
cvss2_nvd_av		N
cvss2_nvd_ac		M
cvss2_nvd_au		N
cvss2_nvd_ci		N
cvss2_nvd_ii		P
cvss2_nvd_ai		N
cvss3_nvd_av		N
cvss3_nvd_ac		L
cvss3_nvd_pr		N
cvss3_nvd_ui		R
cvss3_nvd_s		C
cvss3_nvd_c		L
cvss3_nvd_i		L
cvss3_nvd_a		N
cve_assigned		1567900800
cve_nvd_summary		Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/controllers/Options.php.

◂ Tidigare Översikt Nästa ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!