CVE-2014-2558 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Vector
NIST	NIST	6.5 UNKNOWN	NETWORK	LOW	AV:N/AC:L/Au:S/C:P/I:P/A:P
mitre	CNA	---			---
CVE	ADP	---			---

Base Score

CVSS 3.x

EPSS Score

Percentile: 58%

Vendor	Product	Version
skyphe	file-gallery	𝑥 ≤ 1.7.9
skyphe	file-gallery	1.1
skyphe	file-gallery	1.2
skyphe	file-gallery	1.3
skyphe	file-gallery	1.4
skyphe	file-gallery	1.5
skyphe	file-gallery	1.5:a
skyphe	file-gallery	1.5:b
skyphe	file-gallery	1.5:b2
skyphe	file-gallery	1.5:b3
skyphe	file-gallery	1.5:rc1
skyphe	file-gallery	1.5.1
skyphe	file-gallery	1.5.2
skyphe	file-gallery	1.5.3
skyphe	file-gallery	1.5.4
skyphe	file-gallery	1.5.5
skyphe	file-gallery	1.5.6
skyphe	file-gallery	1.5.7
skyphe	file-gallery	1.5.8
skyphe	file-gallery	1.5.8:b1
skyphe	file-gallery	1.5.8:b2
skyphe	file-gallery	1.5.9
skyphe	file-gallery	1.6
skyphe	file-gallery	1.6.0.1
skyphe	file-gallery	1.6.2
skyphe	file-gallery	1.6.3
skyphe	file-gallery	1.6.4
skyphe	file-gallery	1.6.4.1
skyphe	file-gallery	1.6.5
skyphe	file-gallery	1.6.5.1
skyphe	file-gallery	1.6.5.2
skyphe	file-gallery	1.6.5.3
skyphe	file-gallery	1.6.5.4
skyphe	file-gallery	1.6.5.5
skyphe	file-gallery	1.6.5.6
skyphe	file-gallery	1.6.6:beta
skyphe	file-gallery	1.7
skyphe	file-gallery	1.7:rc10
skyphe	file-gallery	1.7:rc11
skyphe	file-gallery	1.7:rc12
skyphe	file-gallery	1.7:rc13
skyphe	file-gallery	1.7:rc14
skyphe	file-gallery	1.7:rc3
skyphe	file-gallery	1.7:rc4
skyphe	file-gallery	1.7:rc5
skyphe	file-gallery	1.7:rc6
skyphe	file-gallery	1.7:rc7
skyphe	file-gallery	1.7:rc8
skyphe	file-gallery	1.7:rc9
skyphe	file-gallery	1.7.1
skyphe	file-gallery	1.7.2
skyphe	file-gallery	1.7.3
skyphe	file-gallery	1.7.4
skyphe	file-gallery	1.7.4:rc2
skyphe	file-gallery	1.7.4.1
skyphe	file-gallery	1.7.5
skyphe	file-gallery	1.7.5:beta1
skyphe	file-gallery	1.7.5:beta2
skyphe	file-gallery	1.7.5.1
skyphe	file-gallery	1.7.5.3
skyphe	file-gallery	1.7.6
skyphe	file-gallery	1.7.7
skyphe	file-gallery	1.7.8

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-94 - Improper Control of Generation of Code ('Code Injection')
The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References

http://seclists.org/fulldisclosure/2014/Apr/305

http://wordpress.org/plugins/file-gallery/changelog/

http://www.securityfocus.com/bid/67120

http://www.securityfocus.com/bid/67183

http://seclists.org/fulldisclosure/2014/Apr/305

http://wordpress.org/plugins/file-gallery/changelog/

http://www.securityfocus.com/bid/67120

http://www.securityfocus.com/bid/67183