CVE-2014-2558 – File Gallery < 1.7.9.2 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2014-2558
The File Gallery plugin before 1.7.9.2 for WordPress does not properly escape strings, which allows remote administrators to execute arbitrary PHP code via a \' (backslash quote) in the setting fields to /wp-admin/options-media.php, related to the create_function function.

• http://seclists.org/fulldisclosure/2014/Apr/305
• http://wordpress.org/plugins/file-gallery/changelog
• http://www.securityfocus.com/bid/67120
• http://www.securityfocus.com/bid/67183

• CWE-94: Improper Control of Generation of Code ('Code Injection')