CVE-2015-9538 Information

Feb 14, 2021 cve

Description

The NextGEN Gallery plugin before 2.1.15 for WordPress allows ../ Directory Traversal in path selection.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Reference

https://cxsecurity.com/issue/WLB-2015080165 https://cybersecurityworks.com/zerodays/cve-2015-9538-nextgen.html https://github.com/cybersecurityworks/Disclosed/issues/2 https://packetstormsecurity.com/files/135114/WordPress-NextGEN-Gallery-2.1.15-Cross-Site-Scripting-Path-Traversal.html https://wordpress.org/plugins/nextgen-gallery/developers https://www.openwall.com/lists/oss-security/2015/08/28/4 https://www.openwall.com/lists/oss-security/2015/09/01/7

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

6.5

Share on: