CVE-2014-2558

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2014-2558
The File Gallery plugin before 1.7.9.2 for WordPress does not properly escape strings, which allows remote administrators to execute arbitrary PHP code via a \' (backslash quote) in the setting fields to /wp-admin/options-media.php, related to the create_function function.

6.5 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://wordpress.org/plugins/file-gallery/changelog/ Patch
http://www.securityfocus.com/bid/67183
http://www.securityfocus.com/bid/67120
http://seclists.org/fulldisclosure/2014/Apr/305 Exploit
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:skyphe:file-gallery:1.7.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:1.7.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:1.7:-:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:1.7:rc14:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:1.6.5.5:*:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:1.6.6:beta:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:1.6.5.4:*:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:1.6.5.3:*:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:1.5.7:*:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:1.5.6:*:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:1.5.5:*:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:1.7:rc6:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:1.7.4.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:1.7.5:beta2:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:1.7.4:rc2:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:1.7:rc7:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:1.5:b:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:1.5.4:*:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:1.5:rc1:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:1.7.5:-:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:1.5:b3:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:1.7:rc9:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:1.7:rc8:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:1.6.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:1.6.3:*:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:1.6.0.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:1.7:rc12:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:1.7.7:*:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:1.5:b2:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:1.7.5.3:*:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:1.7.5.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:1.6:*:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:1.7:rc5:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:1.5.8:b2:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:1.7.4:-:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:1.7:rc10:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:1.6.5:*:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:1.7.8:*:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:1.7.6:*:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:1.4:*:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:1.5.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:1.6.5.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:1.6.4:*:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:1.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:1.5.3:*:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:1.3:*:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:1.7:rc11:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:1.6.5.6:*:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:1.5.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:1.7:rc4:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:1.5:*:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:1.5.9:*:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:1.5:a:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:1.6.5.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:1.5.8:-:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:1.7.3:*:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:1.7.5:beta1:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:1.7:rc13:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:1.5.8:b1:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:1.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:1.6.4.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:skyphe:file-gallery:1.7:rc3:*:*:*:wordpress:*:*
Information

Published : 2014-05-06 07:55

Updated : 2014-05-07 06:23

NVD link : CVE-2014-2558

Mitre link : CVE-2014-2558

JSON object : View

CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')

Advertisement

dedicated server usa
Products Affected

skyphe

  • file-gallery