Lucene search
Alex SanfordWPEX-ID:3B7A7070-8D61-4FF8-B003-B4FF06221635HistorySep 25, 2023 - 12:00 a.m.
NextGEN Gallery < 3.39 - Admin+ Local File Inclusion
2023-09-2500:00:00
Alex Sanford
34
local file inclusion
nextgen gallery
admin+
customize display settings
developer tools
exploit
Description The plugin does not validate some block attributes before using them to generate paths passed to include function/s, allowing Admin users to perform LFI attacks
1. Create a gallery and upload an image.
2. Add the NextGEN Gallery block to a page and click Edit. Select the Gallery created in the previous step.
3. In "Customize Display Settings", using the developer tools, set the value of the "Select View" field to "default/../../../../../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd"
4. Save and load the page to view the contents of `/etc/passwd`.Related
nvd
nvd
CVE-2023-3279
2023-10-16 20:15:14
wpvulndb
wpvulndb
NextGEN Gallery < 3.39 - Admin+ Local File Inclusion
2023-09-25 00:00:00
prion
prion
Design/Logic Flaw
2023-10-16 20:15:00
cvelist
cvelist
CVE-2023-3279 NextGEN Gallery < 3.39 - Admin+ Local File Inclusion
2023-10-16 19:39:18
cve
cve
CVE-2023-3279
2023-10-16 20:15:14
openvas
openvas
WordPress NextGEN Gallery Plugin < 3.39 Multiple Vulnerabilities
2023-10-18 00:00:00
5.2 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
18.2%
Related for WPEX-ID:3B7A7070-8D61-4FF8-B003-B4FF06221635