CVE-2015-9228

{"id": "CVE-2015-9228", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2017-09-12T08:29:00.177", "references": [{"url": "http://www.openwall.com/lists/oss-security/2015/10/27/6", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://cybersecurityworks.com/zerodays/cve-2015-9228-crony.html", "source": "cve@mitre.org"}, {"url": "https://github.com/cybersecurityworks/Disclosed/issues/6", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://packetstormsecurity.com/files/135061/WordPress-NextGEN-Gallery-2.1.10-Shell-Upload.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://wordpress.org/plugins/nextgen-gallery/#developers", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://wpvulndb.com/vulnerabilities/9758", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress, unrestricted file upload is available via the name parameter, if a file extension is changed from .jpg to .php."}, {"lang": "es", "value": "En post-new.php en el plugin Photocrati NextGEN Gallery 2.1.10 para WordPress, la subida de archivos sin restricci\u00f3n est\u00e1 disponible mediante el par\u00e1metro name, si se cambia una extensi\u00f3n de archivo de .jpg a .php."}], "lastModified": "2020-10-29T22:15:13.363", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:imagely:nextgen_gallery:1.5.0:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "ECF39D62-E336-4243-ACFB-A6D324D02735"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:1.5.1:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "7DDC7F69-7B09-4BDE-9405-02EF40C3CC65"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:1.5.2:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "F6DD0D5B-4178-47AE-ABC6-86BD795BAA68"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:1.5.3:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "878F4E89-8C65-42C9-97ED-3FD5F35415B9"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:1.5.4:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "EA006ED6-6455-4DDE-A6F8-F84F0380E0CC"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:1.5.5:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "F41641EB-D8DA-4598-8338-8DEDA1BFD65B"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:1.6.0:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "C1633F1D-2797-494A-8213-0AD2B96AE76F"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:1.6.1:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "4BBBDB58-1C90-4DD5-BA14-B9A10955272A"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:1.6.2:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "A08D2455-5B30-4E35-BEED-33A41F837A45"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:1.7.0:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "CA767401-0C0E-4FD6-B686-23AB5CC5B7E3"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:1.7.1:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "D5545913-8CC4-4559-B8A6-E5212446B0ED"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:1.7.2:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "57910DFC-7B96-46A7-9F10-BB1CC994A7F5"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:1.7.3:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "D7AD2209-DFCB-4BD0-844E-5AD4B756E009"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:1.7.4:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "E8EC80CF-CD5B-4BB1-9D07-E4B262639DAA"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:1.8.0:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "A0770FC5-82B9-4950-BFF7-B15630A41478"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:1.8.1:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "AB3DA7A6-D7D3-4CC6-8568-1C28B188CE74"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:1.8.2:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "D0D6F302-ACD8-442D-A1D1-F9CFB5EE73AA"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:1.8.3:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "69F1393A-D423-4FCE-B0D1-6CDB99C9510F"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:1.8.4:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "FD6109B8-1AC2-49EA-8E49-1514140B61EB"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:1.9.0:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "E6048730-3C3D-47E1-BB4B-C4034E95BE76"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:1.9.1:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "CEBB47C9-E4EF-48D1-A716-633F64E98FB5"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:1.9.2:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "F9C0F33D-63BA-4785-863C-F66D6DC8B17E"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:1.9.3:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "140F7A5D-90F2-4668-B0D7-17F282C3ABC8"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:1.9.5:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "68918C13-FD8C-4C02-9837-DA8D4C201524"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:1.9.6:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "865470F4-692D-4D85-A605-3C8DF13C56DB"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:1.9.7:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "1EFD94A3-C7DC-48F3-928B-B3AB1EA888F0"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:1.9.8:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "6E1737C5-3B82-457F-9E17-A6DB6FD4F814"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:1.9.10:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "2678D97A-4B72-4F8D-8243-049F4E3E1359"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:1.9.11:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "7552C209-65EB-4F60-85F4-0076FCB269A4"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:1.9.12:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "847815E1-8B82-4B03-BFAA-81AEE13D5257"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:1.9.13:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "B0A47074-8EEE-4B6E-A49E-447748CB50E6"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:2.0:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "F61E6D1B-4E20-44FD-965A-2665BF795701"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:2.0.7:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "3AD74515-3C69-48F0-821E-26F46BCC2D0C"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:2.0.11:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "08B2053E-F619-48C7-8AF8-D48B93CEDE02"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:2.0.14:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "5A92F7F0-F09B-4403-99F3-698B5EE44FAD"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:2.0.17:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "07185165-9E9D-467B-B6EB-23F8E15A2AD0"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:2.0.21:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "A39C401A-D1BA-4823-A6FE-6B53F4791397"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:2.0.23:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "C348E70B-284E-4079-B14D-DC5A7248C153"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:2.0.25:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "C55898A2-416F-4C9A-9DBE-16EA615E43CA"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:2.0.27:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "0E474EE7-90B9-43EA-BF8A-FADB24FE1099"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:2.0.30:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "A163DB2B-A390-4BC8-BE95-690FF92459E9"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:2.0.31:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "B85ACA9D-9706-44C0-B41B-EE1852A2E8C1"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:2.0.33:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "75AADE1E-74B9-4CA6-8187-6A23A426BB10"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:2.0.40:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "D678C568-FBD6-4536-B9AD-933C50448236"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:2.0.57:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "01F1AFD7-4A5C-4108-B837-59EC1746D9FE"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:2.0.58:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "D49F3E69-DA63-4A8A-B75A-22FE62AE83E9"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:2.0.59:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "A634C3AE-EC06-4A84-8C63-D53DAFABA318"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:2.0.61:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "968B4D91-88D5-45CE-8289-559B6DD4AD32"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:2.0.63:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "D92BCD1F-50E4-4F7D-BC73-D2EF0FB10F83"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:2.0.65:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "A191CCD7-2F0D-4016-BD5F-50FDB76592C7"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:2.0.66:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "217B1BF7-A441-4DA5-A76A-977762DE55BE"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:2.0.66.16:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "18BDD805-DF7F-4C45-9355-DF295B13B4DB"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:2.0.66.17:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "A7812E37-77E5-461F-8628-3FD5CFE74E77"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:2.0.66.26:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "D755C209-FCDB-4ED6-8225-F0B650D08465"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:2.0.66.27:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "EB961C92-2067-44D7-9270-0675017B0411"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:2.0.66.29:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "BFDA3C18-99A1-4D04-A9D9-1F302C2CE587"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:2.0.66.31:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "89DB4CF6-84A7-4740-A8EC-87E603F77DB8"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:2.0.66.33:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "D1382393-AD68-40B5-BD86-3B13D46D8A95"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:2.0.71:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "48D810DF-8A7D-471B-BD90-9926254F96FA"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:2.0.74:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "E1B1D4AB-8318-4A58-AE36-1DA9253B30F7"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:2.0.76:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "9E218B63-D5CB-4C92-8CFF-17175E24554F"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:2.0.77:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "01C95D3E-C13C-4DBE-9948-0F65720446B9"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:2.0.78:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "AFDC464A-4846-4C04-905F-B18905104641"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:2.0.78.1:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "5542DB56-A0FC-492F-B889-F5F0F8DE5A28"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:2.0.79:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "737865C9-B35C-45B4-978D-B51992D5D6CE"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:2.1.0:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "2E44E609-7C50-4C74-9E77-55E833D45D9B"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:2.1.2:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "19FC95ED-1EDF-473D-9954-5398DBF2A23D"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:2.1.7:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "341B8D36-E6D6-4555-9A50-7986090D8B2F"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:2.1.9:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "78D68162-9B3B-4FAD-8C79-DD65EA998E41"}, {"criteria": "cpe:2.3:a:imagely:nextgen_gallery:2.1.10:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "A1752EB1-23DF-4E8A-9367-4AD24595F4B2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}