WordPress NextGEN Gallery 'jqueryFileTree.php' Directory Traversal Vulnerability Network Vulnerability

Summary

This host is installed with Wordpress NextGEN Gallery Plugin and is prone to directory traversal vulnerability.

Impact

Successful exploitation will allow remote attackers to read arbitrary file details on the target system. Impact Level: Application

Solution

Upgrade to WordPress NextGEN Gallery version 2.0.7 or later, For updates refer to http://wordpress.org/plugins/nextgen-gallery

Insight

Flaw is due to the 'jquery.filetree/connectors/jqueryFileTree.php' script not properly sanitizing user input, specifically absolute paths passed via 'file' POST parameters.

Affected

WordPress NextGEN Gallery Plugin version 2.0.0, Other versions may also be affected.

Detection

Send a crafted data via HTTP GET request and check whether it is able to read local directory list or not.

References

http://packetstormsecurity.com/files/125285
http://seclists.org/fulldisclosure/2014/Feb/171
http://www.osvdb.com/103473

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
Adobe Presenter viewer.swf and loadflash.js XSS Vulnerability
Apache Tomcat NIO Connector Denial of Service Vulnerability
Apache CouchDB Cross Site Request Forgery Vulnerability
Apache Tomcat cal2.jsp Cross Site Scripting Vulnerability

Take action and discover your vulnerabilities