wpvulndb - Alex Sanford - WPVDB-ID: 3B7A7070-8D61-4FF8-B003-B4FF06221635
History: Sep 25, 2023 - 12:00 a.m.

NextGEN Gallery < 3.39 - Admin+ Local File Inclusion

Source: wpscan.com
Tags: nextgen gallery, 3.39, admin, local file inclusion, lfi attacks, security

EPSS: 0.0005 (Low), percentile 18.2%

Description

The plugin does not validate some block attributes before using them to build file paths that are passed to include function(s). An attribute that carries a directory traversal sequence therefore lets Admin users include arbitrary local files (LFI).

PoC

1. Create a gallery and upload an image.
2. Add the NextGEN Gallery block to a page and click Edit. Select the Gallery created in the previous step.
3. In “Customize Display Settings”, using the developer tools, set the value of the “Select View” field to “default/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/etc/passwd”.
4. Save and load the page to view the contents of /etc/passwd.
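
The defect described above is a block attribute flowing straight into an include path. As an added illustration (not NextGEN Gallery's own code), the following hypothetical resolver shows the two checks a template include of this kind needs: a syntactic allowlist on the view name and a canonical-path containment check on the resolved file. The attribute key `display_view`, the `templates/<name>.php` layout and the function names are assumptions.

```php
<?php
// Added example, not code from the plugin. Maps a user-controlled "view"
// block attribute to a template file under $templateDir without allowing
// traversal. Assumed layout: templates are "<templateDir>/<name>.php".

function resolve_view_template(string $templateDir, string $view): ?string
{
    // Check 1: syntactic allowlist. Only simple names, optionally one
    // sub-directory level (e.g. "default" or "default/gallery"). This
    // rejects "..", leading "/", null bytes and wrappers such as "php://",
    // so a value like "default/../../etc/passwd" never reaches the filesystem.
    if (!preg_match('~^[A-Za-z0-9_-]+(/[A-Za-z0-9_-]+)?$~', $view)) {
        return null;
    }

    $baseReal = realpath($templateDir);
    if ($baseReal === false) {
        return null; // template directory missing or unreadable
    }

    $candidate = realpath($baseReal . DIRECTORY_SEPARATOR . $view . '.php');
    if ($candidate === false) {
        return null; // no such template
    }

    // Check 2: canonical containment. Even after the allowlist, confirm the
    // resolved file (symlinks followed) still lives inside $templateDir.
    $prefix = $baseReal . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }

    return $candidate;
}

// Hypothetical block render callback: include only what the resolver
// returns, never the raw attribute value.
function render_gallery_block(array $attributes): string
{
    $view = (string) ($attributes['display_view'] ?? 'default');
    $template = resolve_view_template(__DIR__ . '/templates', $view);
    if ($template === null) {
        return '<p>Invalid gallery view.</p>';
    }
    ob_start();
    include $template;
    return (string) ob_get_clean();
}
```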

CPE
Name: (not listed)  Operator: eq  Version: 3.39

