NVD

Id
30963  
Name
CVE-2014-2558  
Description
The File Gallery plugin before 1.7.9.2 for WordPress does not properly escape strings, which allows remote administrators to execute arbitrary PHP code via a " (backslash quote) in the setting fields to /wp-admin/options-media.php, related to the create_function function.  
Reject
 
CVSS Version
2  
CVSS Score
6.5  
Severity
Medium  
CVSS Base Score
6.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8  
CVSS Vector
(AV:N/AC:L/Au:S/C:P/I:P/A:P)  
Pub Date
2017-01-19  
Published
2014-05-06  
Modified Date
2014-05-07  
Seq
2014-2558  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
162819 30963 CVE-2014-2558 20140429 Arbitrary code execution by admins in File Gallery 1.7.7 (WordPress plugin)  View
162820 30963 CVE-2014-2558 http://wordpress.org/plugins/file-gallery/changelog/  View
162821 30963 CVE-2014-2558 67120  View
162822 30963 CVE-2014-2558 67183  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
13512 JVNDB-2014-002387 WordPress 用 File Gallery プラグインにおける任意の PHP コードを実行される脆弱性 WordPress 用 File Gallery プラグインは、文字列を適切にエスケープしないため、任意の PHP コードを実行される脆弱性が存在します。 CVE-2014-2558 69845 CVE-2014-2558 30963 6.5 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-002387.html 2014-04-13 2014-05-08 View