3 matches found
CVE-2023-3154
The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to PHAR Deserialization due to a lack of input parameter validation in the galleryedit function, allowing an attacker to access arbitrary resources on the server...
WordPress NextGEN Gallery Plugin < 3.39 is vulnerable to PHP Object Injection
Software NextGEN Gallery Type Plugin Vulnerable versions 3.39 Fixed in 3.39 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2023-3154 Patch priority Low CVSS severity Low 6.6 Developer Claim ownership PSID 2db7a0c70c48 Credits Linwz from DEVCORE Required privilege...
CVE-2023-3154
The CVE-2023-3154 issue affects WordPress NextGEN Gallery Plugin (versions before 3.39). The connected sources describe a PHAR deserialization vulnerability in the gallery_edit function caused by insufficient input parameter validation, enabling an attacker to access arbitrary resources on the se...