Date: Tue, 1 Sep 2015 13:00:00 +0530
From: Dis close <disclose@...ersecurityworks.com>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: Re: CVE Request - LFI/Path Traversal in NextGen Gallery WordPress Plugin.

Hi List:

After the vulnerability was disclosed in public, the vendor fixed the issue on the same day, 28-08-2015, in the latest version, i.e. NextGen Gallery 2.1.9 (https://wordpress.org/plugins/nextgen-gallery/).

Please let us know the status for the CVE.

On 28 August 2015 at 15:50, Dis close <disclose@...ersecurityworks.com> wrote:
> Hi List:
>
> We are requesting a CVE for the below mentioned security issue in the NextGen
> Gallery Plugin:
>
> Plugin Details:
> ==============
> Plugin Name: NextGen Gallery
> Version: 2.1.7
> Homepage: https://wordpress.org/plugins/nextgen-gallery/
>
> Description
> ===============
> NextGEN Gallery is the most popular *WordPress Gallery Plugin* with over 13
> million downloads.
>
> Vulnerability
> ===============
> The plugin fails to validate user input in one of the variables, which
> allows a logged-in user to access system files and other unauthorized files
> on the server.
>
> POC Video Link: https://www.youtube.com/watch?v=KkPVMxubUis
>
> Proof of Concept
> ================
>
> Accessing the POST request http://localhost/wordpress/?photocrati_ajax=1
> and modifying the *dir* variable with ../../../ input, a user can traverse the
> file system and access files even outside the application directory.
>
> Disclosure Timeline
> ==================
>
> 17-02-2015: Reported to WP Plugins
> 18-02-2015: Acknowledged by WP Plugin, saying that the vendor would be
> informed. But till now no response from WP Plugin or the vendor.
>
> Discovered by (Please provide credit to the following)
> =====================================
>
> Sathish Kumar
> Cyber Security Works Pvt Ltd.
>
> ----------
> Cheers !!!
>
> Team CSW
--
----------
Cheers !!!

Team CSW
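As an added example (not NextGEN Gallery's own code, and not the vendor's fix), a hypothetical `resolve_gallery_dir()` helper shows the check a handler for a request-supplied `dir` parameter needs before it touches the filesystem: canonicalize the requested path with realpath() and refuse anything that does not stay under the gallery root, which is what stops the `../../../` traversal described in the report. The gallery root and album names in the demonstration are constructed for the example.

```php
<?php
// Added example, not NextGEN Gallery's code. Hypothetical helper that
// confines a request-supplied "dir" value to the configured gallery root.
function resolve_gallery_dir(string $gallery_root, string $dir): ?string
{
    $root = realpath($gallery_root);
    if ($root === false) {
        return null; // gallery root itself is missing or unreadable
    }
    // Reject empty values, embedded NUL bytes and absolute paths outright;
    // a gallery sub-directory is always relative to the root.
    if ($dir === '' || strpos($dir, "\0") !== false
        || $dir[0] === '/' || $dir[0] === '\\' || preg_match('#^[A-Za-z]:#', $dir)) {
        return null;
    }
    // Canonicalise: realpath() collapses "..", "." and symlinks, so the
    // containment check below runs on the real target, not the raw string.
    $resolved = realpath($root . DIRECTORY_SEPARATOR . $dir);
    if ($resolved === false) {
        return null; // target does not exist
    }
    // Accept only the root itself or a real descendant of it.
    $prefix = rtrim($root, '/\\') . DIRECTORY_SEPARATOR;
    if ($resolved !== $root && strncmp($resolved, $prefix, strlen($prefix)) !== 0) {
        return null; // escaped the root, e.g. a "../../../" value
    }
    return $resolved;
}

// Constructed demonstration: a fresh temporary gallery root with one album.
$root = sys_get_temp_dir() . '/gallery_' . bin2hex(random_bytes(4));
mkdir($root . '/album1', 0700, true);

// A plain album name and a "../" that stays inside the root both resolve.
var_dump(resolve_gallery_dir($root, 'album1'));
var_dump(resolve_gallery_dir($root, 'album1/../album1'));
// The traversal from the report and an absolute path are both refused.
var_dump(resolve_gallery_dir($root, '../../../etc'));
var_dump(resolve_gallery_dir($root, '/etc/passwd'));

rmdir($root . '/album1');
rmdir($root);
```

In a WordPress request handler this check belongs after the capability check (for example current_user_can()), since the report notes that any logged-in user could reach the endpoint.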