CVSS: 7.2 • EPSS: 0% • CPEs: 63 • EXPL: 1

The File Gallery plugin before 1.7.9.2 for WordPress does not properly escape strings, which allows remote administrators to execute arbitrary PHP code via a \' (backslash quote) in the setting fields to /wp-admin/options-media.php, related to the create_function function.

• http://seclists.org/fulldisclosure/2014/Apr/305
• http://wordpress.org/plugins/file-gallery/changelog
• http://www.securityfocus.com/bid/67120
• http://www.securityfocus.com/bid/67183

• CWE-94: Improper Control of Generation of Code ('Code Injection')