CVE-2015-9228

Published September 12th, 2017

View on NVD ↗

CVSS v3

N/A

CVSS v2

HIGH

Affected

PROJECT

Description

In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress, unrestricted file upload is available via the name parameter, if a file extension is changed from .jpg to .php.

cybersecurityworks/Disclosed

Disclosing Bugs

GitHub