ThreatPress

WordPress Vulnerabilities Database

Back

WordPress NextGEN Gallery Plugin - Directory Traversal

Product
NextGEN Gallery
Description
This NextGEN Gallery plugin is prone to a directory-traversal vulnerability via "jqueryFileTree.php". It fails to clean up user-supplied input. Using this plugin an attacker can obtain important information which could aid in further attacks.
Solution
Upgrade the plugin.
Classification
Type Information Disclosure
References
Exploit-DB
CVE
Name CVE-N/A
Versions
Affected In <= 2.0.0
Fixed In 2.0.1
Disclosure date
2014-02-19
Credits
Tom Adams