
CVE-2014-2558
Date: (C)2014-05-15   (M)2021-06-02


The File Gallery plugin before 1.7.9.2 for WordPress does not properly escape strings, which allows remote administrators to execute arbitrary PHP code via a \' (backslash quote) in the setting fields to /wp-admin/options-media.php, related to the create_function function.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 6.5
Exploit Score: 8.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
http://seclists.org/fulldisclosure/2014/Apr/305
BID-67120
BID-67183
http://wordpress.org/plugins/file-gallery/changelog/

CPE    62
cpe:/a:skyphe:file-gallery:1.6.3::~~~wordpress~~
cpe:/a:skyphe:file-gallery:1.7:rc3:~~~wordpress~~
cpe:/a:skyphe:file-gallery:1.6.5.3::~~~wordpress~~
cpe:/a:skyphe:file-gallery:1.7.5.3::~~~wordpress~~
...
CWE    1
CWE-94

© SecPod Technologies