It was possible to bypass the “validate_ajax_request” function used to control access to ajax functions by sending a request without a nonce parameter. This could be used to upload arbitrary code to an image file. Although the uploaded file must be a valid image, it is possible to include PHP code in a valid image, which would be executed if included using the vulnerability in CVE-2020-35942
CPE | Name | Operator | Version |
---|---|---|---|
nextgen-gallery | lt | 3.5.0 |