Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
Date: Tue, 1 Sep 2015 13:00:00 +0530
From: Dis close <disclose@...ersecurityworks.com>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: Re: CVE Request - LFI/Path Traversal in NextGen Gallery WordPress Plugin.

Hi List:


After the vulnerability was disclosed in public, the vendor fixed the
issue on the same day, 28-08-2015, in the latest version, i.e. NextGen Gallery
2.1.9 (https://wordpress.org/plugins/nextgen-gallery/).

Please let us know the status for the CVE.


On 28 August 2015 at 15:50, Dis close <disclose@...ersecurityworks.com>
wrote:

> Hi List:
>
>
> We are requesting CVE for the below mentioned security issue in NextGen
> Gallery Plugin:
>
>
> Plugin Details:
> ==============
> Plugin Name: NextGen Gallery
> Version: 2.1.7
> Homepage: https://wordpress.org/plugins/nextgen-gallery/
>
>
>
> Description
> ===============
> NextGEN Gallery is the most popular *WordPress Gallery Plugin* with over 13
> million downloads.
>
> Vulnerability
> ===============
> The plugin fails to validate user input in one of the variables, which
> allows a logged-in user to access system files and other unauthorized files
> on the server.
>
> POC Video Link: https://www.youtube.com/watch?v=KkPVMxubUis
>
>
> Proof of Concept
> ================
>
> By accessing the POST request http://localhost/wordpress/?photocrati_ajax=1
> and modifying the *dir* variable with ../../../ input, a user can traverse the
> file system and access files even outside the application directory.
>
>
> Disclosure Timeline
> ==================
>
> 17-02-2015: Reported to WP Plugins
> 18-02-2015: Acknowledged by WP Plugins, saying that the vendor will be
> informed. But till now there has been no response from WP Plugins or the vendor.
>
>
> Discovered by (please provide credit to the following)
> =====================================
>
> Sathish Kumar
> Cyber Security Works Pvt Ltd.
>
>
> ----------
> Cheers !!!
>
> Team CSW
>



-- 
----------
Cheers !!!

Team CSW
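
The quoted report describes a `dir` value containing `../../../` escaping the directory the plugin is meant to browse. The following is an added example, not code from the plugin or from Team CSW, of the containment check a defender would expect before any file-system access: the value is resolved relative to a fixed root and rejected unless the normalised result still lies under that root. `GALLERY_ROOT`, `resolve_gallery_dir` and `check_ajax_request` are hypothetical names, and the POST bodies are constructed.

```python
import posixpath
from urllib.parse import parse_qs

# Assumption: the only directory the gallery browser may expose.
# Constructed value; adjust to the real deployment.
GALLERY_ROOT = "/var/www/wordpress/wp-content/gallery"


def resolve_gallery_dir(user_dir: str, root: str = GALLERY_ROOT):
    """Return the absolute directory a 'dir' value may access, or None if
    the value would escape `root` (the traversal the report describes)."""
    if "\0" in user_dir or user_dir.startswith("/"):
        # Embedded NUL bytes and absolute paths are never legitimate here.
        return None
    # Join under root, then collapse '.' and '..' components.
    candidate = posixpath.normpath(posixpath.join(root, user_dir))
    # After normalisation the result must be root itself or sit below it;
    # a plain prefix test would wrongly accept a sibling such as root + "2".
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate


def check_ajax_request(body: str, root: str = GALLERY_ROOT):
    """Parse a photocrati_ajax POST body (application/x-www-form-urlencoded)
    and decide whether its 'dir' value is safe.
    Returns (allowed, resolved_path_or_None)."""
    params = parse_qs(body, keep_blank_values=True)
    # parse_qs already percent-decodes, so "..%2F" arrives here as "../".
    user_dir = params.get("dir", [""])[0]
    resolved = resolve_gallery_dir(user_dir, root)
    return (resolved is not None, resolved)
```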
