Overview
The Imagely NextGen Gallery plugin for Wordpress prior to version 2.1.57 may execute code from an uploaded malicious file.
Description
CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') - CVE-2016-6565 The Imagely NextGen Gallery plugin for Wordpress prior to version 2.1.57 does not properly validate user input in the cssfile parameter of a HTTP POST request, which may allow an authenticated user to read arbitrary files from the server, or execute arbitrary code on the server in some circumstances (dependent on server configuration). |
Impact
An authenticated user may be able to read arbitrary files on the server or execute code on the server by including a malicious local file in a formatted server request. |
Solution
Apply an update |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | 9 | AV:N/AC:L/Au:S/C:C/I:C/A:C |
| Temporal | 7 | E:POC/RL:OF/RC:C |
| Environmental | 5.3 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND |
References
Acknowledgements
Thanks to Mukhammad Khalilov for reporting this vulnerability.
This document was written by Garret Wassermann.
Other Information
| CVE IDs: | CVE-2016-6565 |
| Date Public: | 2016-11-15 |
| Date First Published: | 2016-11-16 |
| Date Last Updated: | 2016-11-16 13:28 UTC |
| Document Revision: | 25 |