CVE-2016-6565

CVE-2016-6565: The Imagely NextGen Gallery plugin for Wordpress prior to version 2.1.57 may execute code from an uploaded malicious file

Vendor Imagely
Product NextGen Gallery plugin
Weakness CWE-98 · PHP file inclusion
Published July 13, 2018
Last update August 6, 2024

CVSS base score

What the vulnerability does

01Description

The Imagely NextGen Gallery plugin for Wordpress prior to version 2.1.57 does not properly validate user input in the cssfile parameter of a HTTP POST request, which may allow an authenticated user to read arbitrary files from the server, or execute arbitrary code on the server in some circumstances (dependent on server configuration).

Key dates

02Disclosure timeline

July 13, 2018 CVE published
August 6, 2024 Record updated