CVE-2023-3279

NextGEN Gallery < 3.39 - Admin+ Local File Inclusion

Severity Score

4.9

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The WordPress Gallery Plugin WordPress plugin before 3.39 does not validate some block attributes before using them to generate paths passed to include function/s, allowing Admin users to perform LFI attacks

El complemento WordPress Gallery Plugin para WordPress anterior a 3.39 no valida algunos atributos de bloque antes de usarlos para generar rutas pasadas para incluir funciones, lo que permite a los usuarios administradores realizar ataques LFI

The WordPress Gallery Plugin – NextGEN Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.38 via the 'Select View' field in the plugin's developer tools. This makes it possible for authenticated attackers, with administrator-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.

*Credits: Alex Sanford, WPScan

CVSS Scores

NISTv3.1 4.9

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2023-06-15 CVE Reserved
2023-09-25 CVE Published
2024-08-02 CVE Updated
2024-08-02 First Exploit
2024-09-15 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC
https://wpscan.com/vulnerability/3b7a7070-8d61-4ff8-b003-b4ff06221635	2024-08-02

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Imagely Search vendor "Imagely"		Nextgen Gallery Search vendor "Imagely" for product "Nextgen Gallery"				< 3.39 Search vendor "Imagely" for product "Nextgen Gallery" and version " < 3.39"		wordpress		Affected