Description
A vulnerability has been discovered in the NextGEN Gallery plugin for WordPress, which can be exploited by malicious users to compromise a vulnerable system.
The vulnerability is caused by the plugin not properly verifying the MIME type of image files. This can be exploited to upload and execute arbitrary PHP code.
Successful exploitation of this vulnerability requires "Add gallery / Upload images" privileges.
The vulnerability is confirmed in version 2.0.65. Prior versions may also be affected.
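One way to validate an image upload by its content rather than by its declared type, as an added example in PHP. This is not NextGEN Gallery's code and not the 2.0.66 fix; `safe_image_name` and the allowlist are hypothetical names, and the fileinfo extension is assumed to be enabled.

```php
<?php
// Added example: hypothetical helper, not NextGEN Gallery code.
// Decides whether an uploaded file may be stored as an image, based on its
// bytes rather than on the client-supplied name or Content-Type header.

const ALLOWED_IMAGE_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

/**
 * Returns a safe storage filename for the upload, or null to reject it.
 */
function safe_image_name(string $tmpPath, string $clientName): ?string
{
    // 1. Sniff the real type from the file's content (fileinfo extension).
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($tmpPath);
    if ($mime === false || !array_key_exists($mime, ALLOWED_IMAGE_TYPES)) {
        return null;
    }

    // 2. The file must also parse as an image of that same type.
    $info = @getimagesize($tmpPath);
    if ($info === false || $info['mime'] !== $mime) {
        return null;
    }

    // 3. Never keep the client's extension: the stored extension comes from
    //    the verified type, so the web server will not treat the file as PHP.
    $base = preg_replace('/[^A-Za-z0-9_-]/', '_', pathinfo($clientName, PATHINFO_FILENAME));
    return ($base !== '' ? $base : 'upload') . '.' . ALLOWED_IMAGE_TYPES[$mime];
}

// Constructed sample inputs: a 1x1 GIF and a PHP script named like an image.
$gif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, base64_decode('R0lGODlhAQABAIAAAAAAAP///ywAAAAAAQABAAACAUwAOw=='));
$php = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($php, "<?php echo 'not an image'; ?>");

var_dump(safe_image_name($gif, 'holiday.php')); // accepted, extension rewritten
var_dump(safe_image_name($php, 'photo.jpg'));   // rejected
unlink($gif);
unlink($php);
```

Storing uploads in a directory where the web server does not execute scripts is a further layer of defence, independent of this check.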
Vulnerable Products
Vulnerable Software: WordPress NextGEN Gallery Plugin 2.x
Solution
Update to version 2.0.66.
CVE
References
NextGEN Gallery:
http://wordpress.org/plugins/nextgen-gallery/changelog/
Packet Storm:
http://packetstormsecurity.com/files/127340/WordPress-NextGEN-Gallery-2.0.63-Shell-Upload.html
Vulnerability Manager Detection
No
IPS Protection