Unrestricted File Upload Vulnerability Affects Gallerio
CVE-2024-52400
9.9 CRITICAL
Summary
An arbitrary file upload vulnerability exists in Gallerio, developed by Subhasis Laha, which permits the upload of files with dangerous types. This flaw allows attackers to upload a web shell to the server, potentially leading to remote code execution. The vulnerability affects all versions of Gallerio up to 1.01 and raises significant security concerns for users, as it opens pathways for unauthorized access to and manipulation of server contents.
Affected Version(s)
Gallerio <= 1.01
References
CVSS V3.1
Score: 9.9
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
C_T_R_L - Chance (Patchstack Alliance)