Our ASM platform discovers, analyzes, prioritizes, & offers remediation plans for exposures in your known & unknown assets.
Our VI platform delivers threat intelligence & context on the latest cyber threats providing you with actionable insights for remediation.
Our vulnerability management continually detects, prioritizes, & plans remediation to protect your entire IT landscape.
Our penetration testing simulates a real-world attack on your digital assets to determine the strength of your security & defenses.
As a partner led organization, we are committed to working with our partners to deliver world-class early warning security intelligence solutions that eliminate the adversary advantage & deliver superior security outcomes for your clients.
A path traversal vulnerability was identified on WordPress plugins NextGen gallery before 2.1.15. An attacker could take advantage of this flaw by crafting a filter name with Local File Inclusion (LFI) payload and traverse the file system to access files or directories that are outside of the restricted directory on the remote server.
ย
.png)
Figure 1: HTTP Request & Response for the vulnerable dir variable with ../../../../../../../../../../../xampp/htdocs/wordpress/ (Any traversal) payload
Note: Similarly, the user can fetch any details from any website hosted on the same server.
An attacker will abuse this vulnerability to view files that should otherwise not be accessible.
Download the latest updated version of the Nextgen plugin and apply the patch as per vendor advisory.
Feb 17, 2015:ย Reported to Vendor
Feb 18, 2015: Acknowledged by Vendor.
Aug 28, 2015: Publicly Released due to no response from Vendor
Nov 26, 2015: CVE Assigned
