Vulnerability Details CVE-2014-2558
The File Gallery plugin before 1.7.9.2 for WordPress does not properly escape strings, which allows remote administrators to execute arbitrary PHP code via a \' (backslash quote) in the setting fields to /wp-admin/options-media.php, related to the create_function function.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 59.0%
CVSS Severity
CVSS v2 Score 6.5
References
- http://seclists.org/fulldisclosure/2014/Apr/305
- http://wordpress.org/plugins/file-gallery/changelog/
- http://www.securityfocus.com/bid/67120
- http://www.securityfocus.com/bid/67183
- http://seclists.org/fulldisclosure/2014/Apr/305
- http://wordpress.org/plugins/file-gallery/changelog/
- http://www.securityfocus.com/bid/67120
- http://www.securityfocus.com/bid/67183
Products affected by CVE-2014-2558
-
cpe:2.3:a:skyphe:file-gallery:1.1
-
cpe:2.3:a:skyphe:file-gallery:1.2
-
cpe:2.3:a:skyphe:file-gallery:1.3
-
cpe:2.3:a:skyphe:file-gallery:1.4
-
cpe:2.3:a:skyphe:file-gallery:1.5
-
cpe:2.3:a:skyphe:file-gallery:1.5.1
-
cpe:2.3:a:skyphe:file-gallery:1.5.2
-
cpe:2.3:a:skyphe:file-gallery:1.5.3
-
cpe:2.3:a:skyphe:file-gallery:1.5.4
-
cpe:2.3:a:skyphe:file-gallery:1.5.5
-
cpe:2.3:a:skyphe:file-gallery:1.5.6
-
cpe:2.3:a:skyphe:file-gallery:1.5.7
-
cpe:2.3:a:skyphe:file-gallery:1.5.8
-
cpe:2.3:a:skyphe:file-gallery:1.5.9
-
cpe:2.3:a:skyphe:file-gallery:1.6
-
cpe:2.3:a:skyphe:file-gallery:1.6.0.1
-
cpe:2.3:a:skyphe:file-gallery:1.6.2
-
cpe:2.3:a:skyphe:file-gallery:1.6.3
-
cpe:2.3:a:skyphe:file-gallery:1.6.4
-
cpe:2.3:a:skyphe:file-gallery:1.6.4.1
-
cpe:2.3:a:skyphe:file-gallery:1.6.5
-
cpe:2.3:a:skyphe:file-gallery:1.6.5.1
-
cpe:2.3:a:skyphe:file-gallery:1.6.5.2
-
cpe:2.3:a:skyphe:file-gallery:1.6.5.3
-
cpe:2.3:a:skyphe:file-gallery:1.6.5.4
-
cpe:2.3:a:skyphe:file-gallery:1.6.5.5
-
cpe:2.3:a:skyphe:file-gallery:1.6.5.6
-
cpe:2.3:a:skyphe:file-gallery:1.6.6
-
cpe:2.3:a:skyphe:file-gallery:1.7
-
cpe:2.3:a:skyphe:file-gallery:1.7.1
-
cpe:2.3:a:skyphe:file-gallery:1.7.2
-
cpe:2.3:a:skyphe:file-gallery:1.7.3
-
cpe:2.3:a:skyphe:file-gallery:1.7.4
-
cpe:2.3:a:skyphe:file-gallery:1.7.4.1
-
cpe:2.3:a:skyphe:file-gallery:1.7.5
-
cpe:2.3:a:skyphe:file-gallery:1.7.5.1
-
cpe:2.3:a:skyphe:file-gallery:1.7.5.3
-
cpe:2.3:a:skyphe:file-gallery:1.7.6
-
cpe:2.3:a:skyphe:file-gallery:1.7.7
-
cpe:2.3:a:skyphe:file-gallery:1.7.8
-
cpe:2.3:a:skyphe:file-gallery:1.7.9