6 matches found
CVE-2023-3279
The WordPress Gallery Plugin WordPress plugin before 3.39 does not validate some block attributes before using them to generate paths passed to include function/s, allowing Admin users to perform LFI attacks...
WordPress NextGEN Gallery Plugin < 3.39 is vulnerable to Local File Inclusion
Software NextGEN Gallery Type Plugin Vulnerable versions 3.39 Fixed in 3.39 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2023-3279 Patch priority Low CVSS severity Low 6 Developer Claim ownership PSID 1c647829048b Credits Linwz from DEVCORE Required privilege Administrat...
CVE-2023-3279
The WordPress Gallery Plugin WordPress plugin before 3.39 does not validate some block attributes before using them to generate paths passed to include function/s, allowing Admin users to perform LFI attacks...
CVE-2023-3279 NextGEN Gallery < 3.39 - Admin+ Local File Inclusion
The WordPress Gallery Plugin WordPress plugin before 3.39 does not validate some block attributes before using them to generate paths passed to include function/s, allowing Admin users to perform LFI attacks...
CVE-2023-3279
The CVE-2023-3279 issue affects the WordPress NextGEN Gallery Plugin (versions prior to 3.39). The root cause is the plugin not validating certain block attributes before using them to build paths for include/require calls, enabling an administrator to perform Local File Inclusion (LFI) attacks. ...
CVE-2023-3279 NextGEN Gallery < 3.39 - Admin+ Local File Inclusion
The WordPress Gallery Plugin WordPress plugin before 3.39 does not validate some block attributes before using them to generate paths passed to include function/s, allowing Admin users to perform LFI attacks...