Lucene search

[email protected]NVD:CVE-2015-9228

HistorySep 12, 2017 - 8:29 a.m.

CVE-2015-9228

2017-09-1208:29:00

CWE-434

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.006

Percentile

78.2%

JSON

In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress, unrestricted file upload is available via the name parameter, if a file extension is changed from .jpg to .php.

Affected configurations

Nvd

Node

imagelynextgen_galleryMatch1.5.0wordpress

imagelynextgen_galleryMatch1.5.1wordpress

imagelynextgen_galleryMatch1.5.2wordpress

imagelynextgen_galleryMatch1.5.3wordpress

imagelynextgen_galleryMatch1.5.4wordpress

imagelynextgen_galleryMatch1.5.5wordpress

imagelynextgen_galleryMatch1.6.0wordpress

imagelynextgen_galleryMatch1.6.1wordpress

imagelynextgen_galleryMatch1.6.2wordpress

imagelynextgen_galleryMatch1.7.0wordpress

imagelynextgen_galleryMatch1.7.1wordpress

imagelynextgen_galleryMatch1.7.2wordpress

imagelynextgen_galleryMatch1.7.3wordpress

imagelynextgen_galleryMatch1.7.4wordpress

imagelynextgen_galleryMatch1.8.0wordpress

imagelynextgen_galleryMatch1.8.1wordpress

imagelynextgen_galleryMatch1.8.2wordpress

imagelynextgen_galleryMatch1.8.3wordpress

imagelynextgen_galleryMatch1.8.4wordpress

imagelynextgen_galleryMatch1.9.0wordpress

imagelynextgen_galleryMatch1.9.1wordpress

imagelynextgen_galleryMatch1.9.2wordpress

imagelynextgen_galleryMatch1.9.3wordpress

imagelynextgen_galleryMatch1.9.5wordpress

imagelynextgen_galleryMatch1.9.6wordpress

imagelynextgen_galleryMatch1.9.7wordpress

imagelynextgen_galleryMatch1.9.8wordpress

imagelynextgen_galleryMatch1.9.10wordpress

imagelynextgen_galleryMatch1.9.11wordpress

imagelynextgen_galleryMatch1.9.12wordpress

imagelynextgen_galleryMatch1.9.13wordpress

imagelynextgen_galleryMatch2.0wordpress

imagelynextgen_galleryMatch2.0.7wordpress

imagelynextgen_galleryMatch2.0.11wordpress

imagelynextgen_galleryMatch2.0.14wordpress

imagelynextgen_galleryMatch2.0.17wordpress

imagelynextgen_galleryMatch2.0.21wordpress

imagelynextgen_galleryMatch2.0.23wordpress

imagelynextgen_galleryMatch2.0.25wordpress

imagelynextgen_galleryMatch2.0.27wordpress

imagelynextgen_galleryMatch2.0.30wordpress

imagelynextgen_galleryMatch2.0.31wordpress

imagelynextgen_galleryMatch2.0.33wordpress

imagelynextgen_galleryMatch2.0.40wordpress

imagelynextgen_galleryMatch2.0.57wordpress

imagelynextgen_galleryMatch2.0.58wordpress

imagelynextgen_galleryMatch2.0.59wordpress

imagelynextgen_galleryMatch2.0.61wordpress

imagelynextgen_galleryMatch2.0.63wordpress

imagelynextgen_galleryMatch2.0.65wordpress

imagelynextgen_galleryMatch2.0.66wordpress

imagelynextgen_galleryMatch2.0.66.16wordpress

imagelynextgen_galleryMatch2.0.66.17wordpress

imagelynextgen_galleryMatch2.0.66.26wordpress

imagelynextgen_galleryMatch2.0.66.27wordpress

imagelynextgen_galleryMatch2.0.66.29wordpress

imagelynextgen_galleryMatch2.0.66.31wordpress

imagelynextgen_galleryMatch2.0.66.33wordpress

imagelynextgen_galleryMatch2.0.71wordpress

imagelynextgen_galleryMatch2.0.74wordpress

imagelynextgen_galleryMatch2.0.76wordpress

imagelynextgen_galleryMatch2.0.77wordpress

imagelynextgen_galleryMatch2.0.78wordpress

imagelynextgen_galleryMatch2.0.78.1wordpress

imagelynextgen_galleryMatch2.0.79wordpress

imagelynextgen_galleryMatch2.1.0wordpress

imagelynextgen_galleryMatch2.1.2wordpress

imagelynextgen_galleryMatch2.1.7wordpress

imagelynextgen_galleryMatch2.1.9wordpress

imagelynextgen_galleryMatch2.1.10wordpress

VendorProductVersionCPE
imagelynextgen_gallery1.5.0cpe:2.3:a:imagely:nextgen_gallery:1.5.0:*:*:*:*:wordpress:*:*
imagelynextgen_gallery1.5.1cpe:2.3:a:imagely:nextgen_gallery:1.5.1:*:*:*:*:wordpress:*:*
imagelynextgen_gallery1.5.2cpe:2.3:a:imagely:nextgen_gallery:1.5.2:*:*:*:*:wordpress:*:*
imagelynextgen_gallery1.5.3cpe:2.3:a:imagely:nextgen_gallery:1.5.3:*:*:*:*:wordpress:*:*
imagelynextgen_gallery1.5.4cpe:2.3:a:imagely:nextgen_gallery:1.5.4:*:*:*:*:wordpress:*:*
imagelynextgen_gallery1.5.5cpe:2.3:a:imagely:nextgen_gallery:1.5.5:*:*:*:*:wordpress:*:*
imagelynextgen_gallery1.6.0cpe:2.3:a:imagely:nextgen_gallery:1.6.0:*:*:*:*:wordpress:*:*
imagelynextgen_gallery1.6.1cpe:2.3:a:imagely:nextgen_gallery:1.6.1:*:*:*:*:wordpress:*:*
imagelynextgen_gallery1.6.2cpe:2.3:a:imagely:nextgen_gallery:1.6.2:*:*:*:*:wordpress:*:*
imagelynextgen_gallery1.7.0cpe:2.3:a:imagely:nextgen_gallery:1.7.0:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
imagely	nextgen_gallery	1.5.0	cpe:2.3:a:imagely:nextgen_gallery:1.5.0:::::wordpress::
imagely	nextgen_gallery	1.5.1	cpe:2.3:a:imagely:nextgen_gallery:1.5.1:::::wordpress::
imagely	nextgen_gallery	1.5.2	cpe:2.3:a:imagely:nextgen_gallery:1.5.2:::::wordpress::
imagely	nextgen_gallery	1.5.3	cpe:2.3:a:imagely:nextgen_gallery:1.5.3:::::wordpress::
imagely	nextgen_gallery	1.5.4	cpe:2.3:a:imagely:nextgen_gallery:1.5.4:::::wordpress::
imagely	nextgen_gallery	1.5.5	cpe:2.3:a:imagely:nextgen_gallery:1.5.5:::::wordpress::
imagely	nextgen_gallery	1.6.0	cpe:2.3:a:imagely:nextgen_gallery:1.6.0:::::wordpress::
imagely	nextgen_gallery	1.6.1	cpe:2.3:a:imagely:nextgen_gallery:1.6.1:::::wordpress::
imagely	nextgen_gallery	1.6.2	cpe:2.3:a:imagely:nextgen_gallery:1.6.2:::::wordpress::
imagely	nextgen_gallery	1.7.0	cpe:2.3:a:imagely:nextgen_gallery:1.7.0:::::wordpress::

Rows per page:

1-10 of 701

References

www.openwall.com/lists/oss-security/2015/10/27/6

cybersecurityworks.com/zerodays/cve-2015-9228-crony.html

github.com/cybersecurityworks/Disclosed/issues/6

packetstormsecurity.com/files/135061/WordPress-NextGEN-Gallery-2.1.10-Shell-Upload.html

wordpress.org/plugins/nextgen-gallery/#developers

wpvulndb.com/vulnerabilities/9758

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.006

Percentile

78.2%

JSON

Related for NVD:CVE-2015-9228

openvas1 cvelist1 wpvulndb1 cve1 prion1