Vulnerability Description
The Imagely NextGen Gallery plugin for WordPress prior to version 2.1.57 does not properly validate user input in the cssfile parameter of an HTTP POST request, which may allow an authenticated user to read arbitrary files from the server, or execute arbitrary code on the server in some circumstances (dependent on server configuration).
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Imagely | Nextgen Gallery | < 2.1.57 |
Related Weaknesses (CWE)
References
- https://www.kb.cert.org/vuls/id/346175 (Third Party Advisory, US Government Resource)
- https://www.securityfocus.com/bid/94356/ (Third Party Advisory, VDB Entry)
FAQ
What is CVE-2016-6565?
CVE-2016-6565 is a vulnerability with a CVSS score of 7.5 (HIGH). The Imagely NextGen Gallery plugin for WordPress prior to version 2.1.57 does not properly validate user input in the cssfile parameter of an HTTP POST request, which may allow an authenticated user to...
How severe is CVE-2016-6565?
CVE-2016-6565 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2016-6565?
Check the references section above for vendor advisories and patch information. Affected products include: Imagely Nextgen Gallery.