← Back

CVE-2014-2558

nvd nist
Published: May 6, 2014Modified: May 6, 2026

JSON object

Loading...
6.5
Vector
AV:N/AC:L/Au:S/C:P/I:P/A:P
Exploitability: 8.0 / Impact: 6.4
Source: NVD

Description

The File Gallery plugin before 1.7.9.2 for WordPress does not properly escape strings, which allows remote administrators to execute arbitrary PHP code via a \' (backslash quote) in the setting fields to /wp-admin/options-media.php, related to the create_function function.

Affected (63)

Products: Skyphe: File Gallery
Skyphe
1 product
File Gallery
Configuration A
63 vulnerable
Vulnerable SoftwareAffected Versions
Skyphe
File Gallery
Up to 1.7.9
File Gallery
Version 1.1
File Gallery
Version 1.2
File Gallery
Version 1.3
File Gallery
Version 1.4
File Gallery
Version 1.5.1
File Gallery
Version 1.5.2
File Gallery
Version 1.5.3
File Gallery
Version 1.5.4
File Gallery
Version 1.5.5
File Gallery
Version 1.5.6
File Gallery
Version 1.5.7
File Gallery
Version 1.5.8
File Gallery
Version 1.5.8 b1
File Gallery
Version 1.5.8 b2
File Gallery
Version 1.5.9
File Gallery
Version 1.5
File Gallery
Version 1.5 a
File Gallery
Version 1.5 b2
File Gallery
Version 1.5 b3
File Gallery
Version 1.5 b
File Gallery
Version 1.5 rc1
File Gallery
Version 1.6.0.1
File Gallery
Version 1.6.2
File Gallery
Version 1.6.3
File Gallery
Version 1.6.4.1
File Gallery
Version 1.6.4
File Gallery
Version 1.6.5.1
File Gallery
Version 1.6.5.2
File Gallery
Version 1.6.5.3
File Gallery
Version 1.6.5.4
File Gallery
Version 1.6.5.5
File Gallery
Version 1.6.5.6
File Gallery
Version 1.6.5
File Gallery
Version 1.6.6 beta
File Gallery
Version 1.6
File Gallery
Version 1.7.1
File Gallery
Version 1.7.2
File Gallery
Version 1.7.3
File Gallery
Version 1.7.4.1
File Gallery
Version 1.7.4
File Gallery
Version 1.7.4 rc2
File Gallery
Version 1.7.5.1
File Gallery
Version 1.7.5.3
File Gallery
Version 1.7.5
File Gallery
Version 1.7.5 beta1
File Gallery
Version 1.7.5 beta2
File Gallery
Version 1.7.6
File Gallery
Version 1.7.7
File Gallery
Version 1.7.8
File Gallery
Version 1.7
File Gallery
Version 1.7 rc10
File Gallery
Version 1.7 rc11
File Gallery
Version 1.7 rc12
File Gallery
Version 1.7 rc13
File Gallery
Version 1.7 rc14
File Gallery
Version 1.7 rc3
File Gallery
Version 1.7 rc4
File Gallery
Version 1.7 rc5
File Gallery
Version 1.7 rc6
File Gallery
Version 1.7 rc7
File Gallery
Version 1.7 rc8
File Gallery
Version 1.7 rc9

Related CWEs

CWE-94
Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (8)

Source: cve@mitre.org
Exploit
Source: cve@mitre.org
Patch
Source: cve@mitre.org
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.