Lucene search
MitreCVE-2014-2558HistoryMay 06, 2014 - 2:55 p.m.
CVE-2014-2558
2014-05-0614:55:05
CWE-94
mitre
web.nvd.nist.gov
22
cve-2014-2558
file gallery plugin
wordpress
remote code execution
security vulnerability
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score
7.8
Confidence
Low
EPSS
0.003
Percentile
70.6%
The File Gallery plugin before 1.7.9.2 for WordPress does not properly escape strings, which allows remote administrators to execute arbitrary PHP code via a ' (backslash quote) in the setting fields to /wp-admin/options-media.php, related to the create_function function.
Affected configurations
Node
skyphefile-galleryRange≤1.7.9wordpress
ORskyphefile-galleryMatch1.1wordpress
ORskyphefile-galleryMatch1.2wordpress
ORskyphefile-galleryMatch1.3wordpress
ORskyphefile-galleryMatch1.4wordpress
ORskyphefile-galleryMatch1.5wordpress
ORskyphefile-galleryMatch1.5awordpress
ORskyphefile-galleryMatch1.5bwordpress
ORskyphefile-galleryMatch1.5b2wordpress
ORskyphefile-galleryMatch1.5b3wordpress
ORskyphefile-galleryMatch1.5rc1wordpress
ORskyphefile-galleryMatch1.5.1wordpress
ORskyphefile-galleryMatch1.5.2wordpress
ORskyphefile-galleryMatch1.5.3wordpress
ORskyphefile-galleryMatch1.5.4wordpress
ORskyphefile-galleryMatch1.5.5wordpress
ORskyphefile-galleryMatch1.5.6wordpress
ORskyphefile-galleryMatch1.5.7wordpress
ORskyphefile-galleryMatch1.5.8-wordpress
ORskyphefile-galleryMatch1.5.8b1wordpress
ORskyphefile-galleryMatch1.5.8b2wordpress
ORskyphefile-galleryMatch1.5.9wordpress
ORskyphefile-galleryMatch1.6wordpress
ORskyphefile-galleryMatch1.6.0.1wordpress
ORskyphefile-galleryMatch1.6.2wordpress
ORskyphefile-galleryMatch1.6.3wordpress
ORskyphefile-galleryMatch1.6.4wordpress
ORskyphefile-galleryMatch1.6.4.1wordpress
ORskyphefile-galleryMatch1.6.5wordpress
ORskyphefile-galleryMatch1.6.5.1wordpress
ORskyphefile-galleryMatch1.6.5.2wordpress
ORskyphefile-galleryMatch1.6.5.3wordpress
ORskyphefile-galleryMatch1.6.5.4wordpress
ORskyphefile-galleryMatch1.6.5.5wordpress
ORskyphefile-galleryMatch1.6.5.6wordpress
ORskyphefile-galleryMatch1.6.6betawordpress
ORskyphefile-galleryMatch1.7-wordpress
ORskyphefile-galleryMatch1.7rc10wordpress
ORskyphefile-galleryMatch1.7rc11wordpress
ORskyphefile-galleryMatch1.7rc12wordpress
ORskyphefile-galleryMatch1.7rc13wordpress
ORskyphefile-galleryMatch1.7rc14wordpress
ORskyphefile-galleryMatch1.7rc3wordpress
ORskyphefile-galleryMatch1.7rc4wordpress
ORskyphefile-galleryMatch1.7rc5wordpress
ORskyphefile-galleryMatch1.7rc6wordpress
ORskyphefile-galleryMatch1.7rc7wordpress
ORskyphefile-galleryMatch1.7rc8wordpress
ORskyphefile-galleryMatch1.7rc9wordpress
ORskyphefile-galleryMatch1.7.1wordpress
ORskyphefile-galleryMatch1.7.2wordpress
ORskyphefile-galleryMatch1.7.3wordpress
ORskyphefile-galleryMatch1.7.4-wordpress
ORskyphefile-galleryMatch1.7.4rc2wordpress
ORskyphefile-galleryMatch1.7.4.1wordpress
ORskyphefile-galleryMatch1.7.5-wordpress
ORskyphefile-galleryMatch1.7.5beta1wordpress
ORskyphefile-galleryMatch1.7.5beta2wordpress
ORskyphefile-galleryMatch1.7.5.1wordpress
ORskyphefile-galleryMatch1.7.5.3wordpress
ORskyphefile-galleryMatch1.7.6wordpress
ORskyphefile-galleryMatch1.7.7wordpress
ORskyphefile-galleryMatch1.7.8wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| skyphe | file-gallery | * | cpe:2.3:a:skyphe:file-gallery:*:*:*:*:*:wordpress:*:* |
| skyphe | file-gallery | 1.1 | cpe:2.3:a:skyphe:file-gallery:1.1:*:*:*:*:wordpress:*:* |
| skyphe | file-gallery | 1.2 | cpe:2.3:a:skyphe:file-gallery:1.2:*:*:*:*:wordpress:*:* |
| skyphe | file-gallery | 1.3 | cpe:2.3:a:skyphe:file-gallery:1.3:*:*:*:*:wordpress:*:* |
| skyphe | file-gallery | 1.4 | cpe:2.3:a:skyphe:file-gallery:1.4:*:*:*:*:wordpress:*:* |
| skyphe | file-gallery | 1.5 | cpe:2.3:a:skyphe:file-gallery:1.5:*:*:*:*:wordpress:*:* |
| skyphe | file-gallery | 1.5 | cpe:2.3:a:skyphe:file-gallery:1.5:a:*:*:*:wordpress:*:* |
| skyphe | file-gallery | 1.5 | cpe:2.3:a:skyphe:file-gallery:1.5:b:*:*:*:wordpress:*:* |
| skyphe | file-gallery | 1.5 | cpe:2.3:a:skyphe:file-gallery:1.5:b2:*:*:*:wordpress:*:* |
| skyphe | file-gallery | 1.5 | cpe:2.3:a:skyphe:file-gallery:1.5:b3:*:*:*:wordpress:*:* |
Related
wpvulndb
wpvulndb
prion
prion
Design/Logic Flaw
2014-05-06 14:55:00
patchstack
patchstack
WordPress File Gallery Plugin <= 1.7.9.1 - Arbitrary Code Execution
2014-03-19 00:00:00
nvd
nvd
CVE-2014-2558
2014-05-06 14:55:05
cvelist
cvelist
CVE-2014-2558
2014-05-06 14:00:00
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score
7.8
Confidence
Low
EPSS
0.003
Percentile
70.6%
Related for CVE-2014-2558