CVE-2015-9228
Vulnerability from cvelistv5
Published
2017-09-12 08:00
Modified
2024-08-06 08:43
Severity ?
Summary
In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress, unrestricted file upload is available via the name parameter, if a file extension is changed from .jpg to .php.
References
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2015/10/27/6Mailing List, Third Party Advisory
cve@mitre.orghttps://cybersecurityworks.com/zerodays/cve-2015-9228-crony.html
cve@mitre.orghttps://github.com/cybersecurityworks/Disclosed/issues/6Vendor Advisory
cve@mitre.orghttps://packetstormsecurity.com/files/135061/WordPress-NextGEN-Gallery-2.1.10-Shell-Upload.htmlThird Party Advisory, VDB Entry
cve@mitre.orghttps://wordpress.org/plugins/nextgen-gallery/#developersVendor Advisory
cve@mitre.orghttps://wpvulndb.com/vulnerabilities/9758
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2015/10/27/6Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cybersecurityworks.com/zerodays/cve-2015-9228-crony.html
af854a3a-2127-422b-91ae-364da2661108https://github.com/cybersecurityworks/Disclosed/issues/6Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://packetstormsecurity.com/files/135061/WordPress-NextGEN-Gallery-2.1.10-Shell-Upload.htmlThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://wordpress.org/plugins/nextgen-gallery/#developersVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://wpvulndb.com/vulnerabilities/9758
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:43:41.599Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/cybersecurityworks/Disclosed/issues/6"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://packetstormsecurity.com/files/135061/WordPress-NextGEN-Gallery-2.1.10-Shell-Upload.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wordpress.org/plugins/nextgen-gallery/#developers"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/10/27/6"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpvulndb.com/vulnerabilities/9758"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cybersecurityworks.com/zerodays/cve-2015-9228-crony.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-09-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress, unrestricted file upload is available via the name parameter, if a file extension is changed from .jpg to .php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-29T21:12:39",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/cybersecurityworks/Disclosed/issues/6"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://packetstormsecurity.com/files/135061/WordPress-NextGEN-Gallery-2.1.10-Shell-Upload.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wordpress.org/plugins/nextgen-gallery/#developers"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/10/27/6"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpvulndb.com/vulnerabilities/9758"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cybersecurityworks.com/zerodays/cve-2015-9228-crony.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-9228",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress, unrestricted file upload is available via the name parameter, if a file extension is changed from .jpg to .php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/cybersecurityworks/Disclosed/issues/6",
              "refsource": "MISC",
              "url": "https://github.com/cybersecurityworks/Disclosed/issues/6"
            },
            {
              "name": "https://packetstormsecurity.com/files/135061/WordPress-NextGEN-Gallery-2.1.10-Shell-Upload.html",
              "refsource": "MISC",
              "url": "https://packetstormsecurity.com/files/135061/WordPress-NextGEN-Gallery-2.1.10-Shell-Upload.html"
            },
            {
              "name": "https://wordpress.org/plugins/nextgen-gallery/#developers",
              "refsource": "MISC",
              "url": "https://wordpress.org/plugins/nextgen-gallery/#developers"
            },
            {
              "name": "http://www.openwall.com/lists/oss-security/2015/10/27/6",
              "refsource": "MISC",
              "url": "http://www.openwall.com/lists/oss-security/2015/10/27/6"
            },
            {
              "name": "https://wpvulndb.com/vulnerabilities/9758",
              "refsource": "MISC",
              "url": "https://wpvulndb.com/vulnerabilities/9758"
            },
            {
              "name": "https://cybersecurityworks.com/zerodays/cve-2015-9228-crony.html",
              "refsource": "MISC",
              "url": "https://cybersecurityworks.com/zerodays/cve-2015-9228-crony.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-9228",
    "datePublished": "2017-09-12T08:00:00",
    "dateReserved": "2017-09-12T00:00:00",
    "dateUpdated": "2024-08-06T08:43:41.599Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-9228\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-09-12T08:29:00.177\",\"lastModified\":\"2024-11-21T02:40:06.023\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress, unrestricted file upload is available via the name parameter, if a file extension is changed from .jpg to .php.\"},{\"lang\":\"es\",\"value\":\"En post-new.php en el plugin Photocrati NextGEN Gallery 2.1.10 para WordPress, la subida de archivos sin restricci\u00f3n est\u00e1 disponible mediante el par\u00e1metro name, si se cambia una extensi\u00f3n de archivo de .jpg a .php.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:C/I:C/A:C\",\"baseScore\":9.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-434\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:1.5.0:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"ECF39D62-E336-4243-ACFB-A6D324D02735\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:1.5.1:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"7DDC7F69-7B09-4BDE-9405-02EF40C3CC65\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:1.5.2:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"F6DD0D5B-4178-47AE-ABC6-86BD795BAA68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:1.5.3:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"878F4E89-8C65-42C9-97ED-3FD5F35415B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:1.5.4:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"EA006ED6-6455-4DDE-A6F8-F84F0380E0CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:1.5.5:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"F41641EB-D8DA-4598-8338-8DEDA1BFD65B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:1.6.0:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"C1633F1D-2797-494A-8213-0AD2B96AE76F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:1.6.1:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"4BBBDB58-1C90-4DD5-BA14-B9A10955272A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:1.6.2:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"A08D2455-5B30-4E35-BEED-33A41F837A45\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:1.7.0:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"CA767401-0C0E-4FD6-B686-23AB5CC5B7E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:1.7.1:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"D5545913-8CC4-4559-B8A6-E5212446B0ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:1.7.2:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"57910DFC-7B96-46A7-9F10-BB1CC994A7F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:1.7.3:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"D7AD2209-DFCB-4BD0-844E-5AD4B756E009\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:1.7.4:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"E8EC80CF-CD5B-4BB1-9D07-E4B262639DAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:1.8.0:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"A0770FC5-82B9-4950-BFF7-B15630A41478\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:1.8.1:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"AB3DA7A6-D7D3-4CC6-8568-1C28B188CE74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:1.8.2:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"D0D6F302-ACD8-442D-A1D1-F9CFB5EE73AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:1.8.3:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"69F1393A-D423-4FCE-B0D1-6CDB99C9510F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:1.8.4:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"FD6109B8-1AC2-49EA-8E49-1514140B61EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:1.9.0:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"E6048730-3C3D-47E1-BB4B-C4034E95BE76\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:1.9.1:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"CEBB47C9-E4EF-48D1-A716-633F64E98FB5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:1.9.2:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"F9C0F33D-63BA-4785-863C-F66D6DC8B17E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:1.9.3:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"140F7A5D-90F2-4668-B0D7-17F282C3ABC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:1.9.5:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"68918C13-FD8C-4C02-9837-DA8D4C201524\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:1.9.6:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"865470F4-692D-4D85-A605-3C8DF13C56DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:1.9.7:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"1EFD94A3-C7DC-48F3-928B-B3AB1EA888F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:1.9.8:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"6E1737C5-3B82-457F-9E17-A6DB6FD4F814\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:1.9.10:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"2678D97A-4B72-4F8D-8243-049F4E3E1359\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:1.9.11:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"7552C209-65EB-4F60-85F4-0076FCB269A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:1.9.12:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"847815E1-8B82-4B03-BFAA-81AEE13D5257\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:1.9.13:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"B0A47074-8EEE-4B6E-A49E-447748CB50E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:2.0:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"F61E6D1B-4E20-44FD-965A-2665BF795701\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:2.0.7:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"3AD74515-3C69-48F0-821E-26F46BCC2D0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:2.0.11:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"08B2053E-F619-48C7-8AF8-D48B93CEDE02\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:2.0.14:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"5A92F7F0-F09B-4403-99F3-698B5EE44FAD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:2.0.17:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"07185165-9E9D-467B-B6EB-23F8E15A2AD0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:2.0.21:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"A39C401A-D1BA-4823-A6FE-6B53F4791397\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:2.0.23:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"C348E70B-284E-4079-B14D-DC5A7248C153\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:2.0.25:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"C55898A2-416F-4C9A-9DBE-16EA615E43CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:2.0.27:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"0E474EE7-90B9-43EA-BF8A-FADB24FE1099\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:2.0.30:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"A163DB2B-A390-4BC8-BE95-690FF92459E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:2.0.31:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"B85ACA9D-9706-44C0-B41B-EE1852A2E8C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:2.0.33:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"75AADE1E-74B9-4CA6-8187-6A23A426BB10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:2.0.40:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"D678C568-FBD6-4536-B9AD-933C50448236\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:2.0.57:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"01F1AFD7-4A5C-4108-B837-59EC1746D9FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:2.0.58:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"D49F3E69-DA63-4A8A-B75A-22FE62AE83E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:2.0.59:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"A634C3AE-EC06-4A84-8C63-D53DAFABA318\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:2.0.61:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"968B4D91-88D5-45CE-8289-559B6DD4AD32\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:2.0.63:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"D92BCD1F-50E4-4F7D-BC73-D2EF0FB10F83\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:2.0.65:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"A191CCD7-2F0D-4016-BD5F-50FDB76592C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:2.0.66:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"217B1BF7-A441-4DA5-A76A-977762DE55BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:2.0.66.16:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"18BDD805-DF7F-4C45-9355-DF295B13B4DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:2.0.66.17:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"A7812E37-77E5-461F-8628-3FD5CFE74E77\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:2.0.66.26:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"D755C209-FCDB-4ED6-8225-F0B650D08465\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:2.0.66.27:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"EB961C92-2067-44D7-9270-0675017B0411\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:2.0.66.29:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"BFDA3C18-99A1-4D04-A9D9-1F302C2CE587\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:2.0.66.31:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"89DB4CF6-84A7-4740-A8EC-87E603F77DB8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:2.0.66.33:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"D1382393-AD68-40B5-BD86-3B13D46D8A95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:2.0.71:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"48D810DF-8A7D-471B-BD90-9926254F96FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:2.0.74:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"E1B1D4AB-8318-4A58-AE36-1DA9253B30F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:2.0.76:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"9E218B63-D5CB-4C92-8CFF-17175E24554F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:2.0.77:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"01C95D3E-C13C-4DBE-9948-0F65720446B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:2.0.78:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"AFDC464A-4846-4C04-905F-B18905104641\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:2.0.78.1:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"5542DB56-A0FC-492F-B889-F5F0F8DE5A28\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:2.0.79:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"737865C9-B35C-45B4-978D-B51992D5D6CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:2.1.0:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"2E44E609-7C50-4C74-9E77-55E833D45D9B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:2.1.2:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"19FC95ED-1EDF-473D-9954-5398DBF2A23D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:2.1.7:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"341B8D36-E6D6-4555-9A50-7986090D8B2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:2.1.9:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"78D68162-9B3B-4FAD-8C79-DD65EA998E41\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagely:nextgen_gallery:2.1.10:*:*:*:*:wordpress:*:*\",\"matchCriteriaId\":\"A1752EB1-23DF-4E8A-9367-4AD24595F4B2\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2015/10/27/6\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://cybersecurityworks.com/zerodays/cve-2015-9228-crony.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/cybersecurityworks/Disclosed/issues/6\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://packetstormsecurity.com/files/135061/WordPress-NextGEN-Gallery-2.1.10-Shell-Upload.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://wordpress.org/plugins/nextgen-gallery/#developers\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://wpvulndb.com/vulnerabilities/9758\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2015/10/27/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://cybersecurityworks.com/zerodays/cve-2015-9228-crony.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/cybersecurityworks/Disclosed/issues/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://packetstormsecurity.com/files/135061/WordPress-NextGEN-Gallery-2.1.10-Shell-Upload.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://wordpress.org/plugins/nextgen-gallery/#developers\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://wpvulndb.com/vulnerabilities/9758\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.