dxw advisories. It’s easy for simple photo galleries, but powerful enough for the most demanding photographers, visual artists, and imaging professionals. WordPress NextGEN Gallery Directory Read Vulnerability Created. 8-9 Hoxton Square London, N1 6NU. CVE-2010-1186CVE-63574 . As part of a vulnerability research project for our This vulnerability can be exploited by attackers in at least two different scenarios:If you fit into any of these two cases, you’re definitely at risk.This issue existed because NextGEN Gallery allowed improperly sanitized user input in a WordPress prepared SQL query; which is basically the same as adding user input inside a raw SQL query. Rapid7 Vulnerability & Exploit Database WordPress NextGEN Gallery Directory Read Vulnerability Back to Search. This vulnerability allows an unauthenticated user to grab data from the victim’s website database, including sensitive user … Last month security researchers at Sucuri discovered a severe content injection vulnerability in WordPress that It must be noted that days after the vulnerability was exposed In case, you are running NextGen gallery plugin on your website simply update it to the latest version.
As part of a vulnerability research project for our Sucuri Firewall (WAF), we have been auditing multiple open source projects looking for security issues.While working on the WordPress plugin NextGEN Gallery, we discovered a severe SQL Injection vulnerability. webapps exploit for PHP platform If a site uses this plugin and the users are allowed to submit posts, an attacker can exploit the issue by executing malicious code via shortcodes, while the other possibility is if a site uses the NextGen basic tag cloud gallery in which case it can be exploited by executing SQL queries by modifying the URL of the gallery.Up till now, this vulnerability hasn’t been exploited, but with over 1 million active installs of the faulty version of this plugin, one can only assume that havoc can cause if this issue isn’t sorted quickly.Also, this isn’t the first time that the NextGen plugin has been infected with a critical vulnerability. NextGEN Gallery has been the industry's standard WordPress gallery plugin since 2007 and continues to receive over 1.5 million new downloads per year.
over to Google Hacking Database.
NextGEN Gallery plugin for WordPress does not prevent directory browsing and allows remote attackers to access the galleries and image files directly via HTTP requests. In every scenario we must ask ourselves a few simple questions:From the prepare method’s code, we notice that few changes are performed on the original SQL code. Contact.