Source: wpvulndb
Author: Ramuel Gall
WPVDB-ID: 811BEB4D-89B7-42BD-B387-EC588D318EF8
Date: Feb 08, 2021 - 12:00 a.m.

NextGen Gallery < 3.5.0 - CSRF allows File Upload, Stored XSS, and RCE

wpscan.com
Tags: nextgen gallery, csrf, file upload, stored xss, rce, access control

EPSS: 0.001 (percentile: 38.5%)

It was possible to bypass the “is_authorized_request” function used to control access to plugin settings by sending a request without a nonce parameter. This could be used to upload arbitrary code to a CSS file with a double extension (e.g. file.php.css), and could also be used to include the uploaded file as a gallery template, resulting in RCE and XSS when visiting a gallery using the selected template.
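
The following is an added illustration and not NextGEN Gallery's code. It assumes one common way such a bypass arises, a check that verifies the nonce only when the request carries one, and shows it beside a fail-closed version and a strict single-extension filename check. All function names, the secret and the sample requests are hypothetical and constructed for the example.

```php
<?php
// Added illustration, not NextGEN Gallery code; every name here is hypothetical.
const DEMO_SECRET = 'constructed-demo-secret';

// Constructed stand-in for a per-user, per-action anti-CSRF nonce.
function demo_nonce(string $user, string $action): string {
    return hash_hmac('sha256', $user . '|' . $action, DEMO_SECRET);
}

// Fail-open: the nonce is verified only if the request carries one.
function authorized_fail_open(array $req, string $user, bool $can_manage): bool {
    if (!$can_manage) {
        return false;
    }
    if (isset($req['nonce'])) {
        return is_string($req['nonce'])
            && hash_equals(demo_nonce($user, $req['action']), $req['nonce']);
    }
    return true; // no nonce parameter: the CSRF check is silently skipped
}

// Fail-closed: a missing nonce is rejected exactly like a wrong one.
function authorized_fail_closed(array $req, string $user, bool $can_manage): bool {
    $nonce = $req['nonce'] ?? null;
    return $can_manage
        && is_string($nonce)
        && hash_equals(demo_nonce($user, $req['action']), $nonce);
}

// Accept only "<name>.css" with a single extension and no path components,
// so a double extension such as "file.php.css" is refused.
function is_plain_css_name(string $filename): bool {
    return preg_match('/\A[A-Za-z0-9_-]+\.css\z/', $filename) === 1;
}

// Constructed requests, all arriving with a logged-in administrator's session.
$requests = [
    'valid nonce'   => ['action' => 'save_settings', 'nonce' => demo_nonce('admin', 'save_settings')],
    'wrong nonce'   => ['action' => 'save_settings', 'nonce' => 'deadbeef'],
    'nonce omitted' => ['action' => 'save_settings'],
];
foreach ($requests as $label => $req) {
    printf("%-14s fail-open=%s fail-closed=%s\n", $label,
        var_export(authorized_fail_open($req, 'admin', true), true),
        var_export(authorized_fail_closed($req, 'admin', true), true));
}
foreach (['theme.css', 'file.php.css'] as $name) {
    printf("%-14s accepted=%s\n", $name, var_export(is_plain_css_name($name), true));
}
```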
