Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for NextGen Gallery plugin by Imagely
CVE-2016-6565 (GCVE-0-2016-6565)
Vulnerability from cvelistv5 – Published: 2018-07-13 20:00 – Updated: 2024-08-06 01:36
VLAI
Title
The Imagely NextGen Gallery plugin for Wordpress prior to version 2.1.57 may execute code from an uploaded malicious file
Summary
The Imagely NextGen Gallery plugin for Wordpress prior to version 2.1.57 does not properly validate user input in the cssfile parameter of a HTTP POST request, which may allow an authenticated user to read arbitrary files from the server, or execute arbitrary code on the server in some circumstances (dependent on server configuration).
Severity
No CVSS data available.
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.securityfocus.com/bid/94356/ | vdb-entryx_refsource_BID |
| https://www.kb.cert.org/vuls/id/346175 | third-party-advisoryx_refsource_CERT-VN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Imagely | NextGen Gallery plugin |
Affected:
2.1.57 , < 2.1.57
(custom)
|
Date Public
2016-11-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:36:28.098Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94356",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "https://www.securityfocus.com/bid/94356/"
},
{
"name": "VU#346175",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/346175"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NextGen Gallery plugin",
"vendor": "Imagely",
"versions": [
{
"lessThan": "2.1.57",
"status": "affected",
"version": "2.1.57",
"versionType": "custom"
}
]
}
],
"datePublic": "2016-11-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Imagely NextGen Gallery plugin for Wordpress prior to version 2.1.57 does not properly validate user input in the cssfile parameter of a HTTP POST request, which may allow an authenticated user to read arbitrary files from the server, or execute arbitrary code on the server in some circumstances (dependent on server configuration)."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-98",
"description": "CWE-98",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-13T19:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "94356",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "https://www.securityfocus.com/bid/94356/"
},
{
"name": "VU#346175",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/346175"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "The Imagely NextGen Gallery plugin for Wordpress prior to version 2.1.57 may execute code from an uploaded malicious file",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-6565",
"STATE": "PUBLIC",
"TITLE": "The Imagely NextGen Gallery plugin for Wordpress prior to version 2.1.57 may execute code from an uploaded malicious file"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NextGen Gallery plugin",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "2.1.57",
"version_value": "2.1.57"
}
]
}
}
]
},
"vendor_name": "Imagely"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Imagely NextGen Gallery plugin for Wordpress prior to version 2.1.57 does not properly validate user input in the cssfile parameter of a HTTP POST request, which may allow an authenticated user to read arbitrary files from the server, or execute arbitrary code on the server in some circumstances (dependent on server configuration)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-98"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94356",
"refsource": "BID",
"url": "https://www.securityfocus.com/bid/94356/"
},
{
"name": "VU#346175",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/346175"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-6565",
"datePublished": "2018-07-13T20:00:00.000Z",
"dateReserved": "2016-08-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:36:28.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6565 (GCVE-0-2016-6565)
Vulnerability from nvd – Published: 2018-07-13 20:00 – Updated: 2024-08-06 01:36
VLAI
Title
The Imagely NextGen Gallery plugin for Wordpress prior to version 2.1.57 may execute code from an uploaded malicious file
Summary
The Imagely NextGen Gallery plugin for Wordpress prior to version 2.1.57 does not properly validate user input in the cssfile parameter of a HTTP POST request, which may allow an authenticated user to read arbitrary files from the server, or execute arbitrary code on the server in some circumstances (dependent on server configuration).
Severity
No CVSS data available.
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.securityfocus.com/bid/94356/ | vdb-entryx_refsource_BID |
| https://www.kb.cert.org/vuls/id/346175 | third-party-advisoryx_refsource_CERT-VN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Imagely | NextGen Gallery plugin |
Affected:
2.1.57 , < 2.1.57
(custom)
|
Date Public
2016-11-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:36:28.098Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94356",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "https://www.securityfocus.com/bid/94356/"
},
{
"name": "VU#346175",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/346175"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NextGen Gallery plugin",
"vendor": "Imagely",
"versions": [
{
"lessThan": "2.1.57",
"status": "affected",
"version": "2.1.57",
"versionType": "custom"
}
]
}
],
"datePublic": "2016-11-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Imagely NextGen Gallery plugin for Wordpress prior to version 2.1.57 does not properly validate user input in the cssfile parameter of a HTTP POST request, which may allow an authenticated user to read arbitrary files from the server, or execute arbitrary code on the server in some circumstances (dependent on server configuration)."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-98",
"description": "CWE-98",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-13T19:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "94356",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "https://www.securityfocus.com/bid/94356/"
},
{
"name": "VU#346175",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/346175"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "The Imagely NextGen Gallery plugin for Wordpress prior to version 2.1.57 may execute code from an uploaded malicious file",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-6565",
"STATE": "PUBLIC",
"TITLE": "The Imagely NextGen Gallery plugin for Wordpress prior to version 2.1.57 may execute code from an uploaded malicious file"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NextGen Gallery plugin",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "2.1.57",
"version_value": "2.1.57"
}
]
}
}
]
},
"vendor_name": "Imagely"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Imagely NextGen Gallery plugin for Wordpress prior to version 2.1.57 does not properly validate user input in the cssfile parameter of a HTTP POST request, which may allow an authenticated user to read arbitrary files from the server, or execute arbitrary code on the server in some circumstances (dependent on server configuration)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-98"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94356",
"refsource": "BID",
"url": "https://www.securityfocus.com/bid/94356/"
},
{
"name": "VU#346175",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/346175"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-6565",
"datePublished": "2018-07-13T20:00:00.000Z",
"dateReserved": "2016-08-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:36:28.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}