CVE Vulnerability

CVE-2021-24349

This Gallery from files WordPress plugin through 1.6.0 gives the functionality of uploading images to the server. But filenames are not properly sanitized before being output in an error message when they have an invalid extension, leading to a reflected Cross-Site Scripting issue. Due to the lack of CSRF check, the attack could also be performed via such vector.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

6.1 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://wpscan.com/vulnerability/6bb4eb71-d702-4732-b01f-b723077d66ca Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:gallery_from_files_project:gallery_from_files:*:*:*:*:*:wordpress:*:*
Information

Published : 2021-06-14 02:15

Updated : 2022-11-09 03:53

NVD link : CVE-2021-24349

Mitre link : CVE-2021-24349

Products Affected
No products.
CWE
CWE-352

CWE-79