Vulnerability in N/a
CVE-2015-9538
The NextGEN Gallery plugin before 2.1.15 for WordPress allows ../ Directory Traversal in path selection.
EPSS: 0.703 (98.7th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
Public proof-of-concept exploits
References
- wordpress.org/plugins/nextgen-gallery/ (x_refsource_MISC)
- github.com/cybersecurityworks/Disclosed/issues/2 (x_refsource_MISC)
- packetstormsecurity.com/files/135114/WordPress-NextGEN-Gallery-2.1.15-Cross-Sit… (x_refsource_MISC)
- cxsecurity.com/issue/WLB-2015080165 (x_refsource_MISC)
- www.openwall.com/lists/oss-security/2015/08/28/4 (x_refsource_MISC)
- www.openwall.com/lists/oss-security/2015/09/01/7 (x_refsource_MISC)
- cybersecurityworks.com/zerodays/cve-2015-9538-nextgen.html (x_refsource_MISC)
Frequently asked questions
- What is CVE-2015-9538?
- CVE-2015-9538 is a vulnerability in N/a. Published 2019-11-26.
- Is CVE-2015-9538 known to be exploited?
- 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.