RSS   Vulnerabilities for 'File-gallery'   RSS

2014-05-06
 
CVE-2014-2558

CWE-94
 

 
The File Gallery plugin before 1.7.9.2 for WordPress does not properly escape strings, which allows remote administrators to execute arbitrary PHP code via a \' (backslash quote) in the setting fields to /wp-admin/options-media.php, related to the create_function function.

 


Copyright 2024, cxsecurity.com

 

Back to Top