Lucene search
Ramuel GallWPVDB-ID:7E1F1083-4C41-41C8-BBF0-640484384196HistoryFeb 08, 2021 - 12:00 a.m.
NextGen Gallery < 3.5.0 - CSRF allows File Upload
2021-02-0800:00:00
Ramuel Gall
wpscan.com
13
nextgen gallery
csrf
file upload
validate ajax request
nonce parameter
arbitrary code
image file
php code
cve-2020-35942
software
EPSS
0.001
Percentile
27.4%
It was possible to bypass the “validate_ajax_request” function used to control access to ajax functions by sending a request without a nonce parameter. This could be used to upload arbitrary code to an image file. Although the uploaded file must be a valid image, it is possible to include PHP code in a valid image, which would be executed if included using the vulnerability in CVE-2020-35942
Related
cve
cve
CVE-2020-35943
2021-02-09 18:15:45
prion
prion
Cross site request forgery (csrf)
2021-02-09 18:15:00
patchstack
patchstack
nvd
nvd
CVE-2020-35943
2021-02-09 18:15:45
cvelist
cvelist
CVE-2020-35943
2021-02-09 17:49:27
openvas
openvas
WordPress NextGEN Gallery Plugin < 3.5.0 Multiple Vulnerabilities
2021-02-11 00:00:00
threatpost
threatpost
Critical WordPress Plugin Flaw Allows Site Takeover
2021-02-08 21:11:57