Show filters
23 Total Results
Displaying 21-23 of 23
Sort by:
Attacker Value
Unknown

CVE-2018-7586

Disclosure Date: March 01, 2018 (last updated November 26, 2024)
In the nextgen-gallery plugin before 2.2.50 for WordPress, gallery paths are not secured.
0
0
Attacker Value
Unknown

CVE-2015-9229

Disclosure Date: September 12, 2017 (last updated November 26, 2024)
In the nggallery-manage-gallery page in the Photocrati NextGEN Gallery plugin 2.1.15 for WordPress, XSS is possible for remote authenticated administrators via the images[1][alttext] parameter.
Attack Vector: NetworkPrivileges: HighUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2015-9228

Disclosure Date: September 12, 2017 (last updated November 26, 2024)
In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress, unrestricted file upload is available via the name parameter, if a file extension is changed from .jpg to .php.
0
0
View More Topics  < Previous