QwikSec

Security Database

CVE

CWE

Training

CVE-2015-1784

Published: Jul 7, 2022

Modified: Aug 6, 2024

PUBLISHED

Description

In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the application validates user uploaded files and lack of security measures preventing unwanted HTTP requests.

Vendor	Product	Versions
n/a	nextgen-gallery	affected `nextgen-gallery 2.0.77.3`

Weaknesses (CWE)

References

https://wpscan.com/vulnerability/c894727a-b779-4583-a860-13c2c27275d4

x_refsource_MISC

https://blog.nettitude.com/uk/crsf-and-unsafe-arbitrary-file-upload-in-nextgen-gallery-plugin-for-wordpress

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.