{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-5481", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2024-05-29T18:04:13.803Z", "datePublished": "2024-06-07T09:33:36.357Z", "dateUpdated": "2024-08-01T21:11:12.793Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-06-07T09:33:36.357Z"}, "affected": [{"vendor": "10web", "product": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "1.8.23", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.8.23 via the esc_dir function. This makes it possible for authenticated attackers to cut and paste (copy) the contents of arbitrary files on the server, which can contain sensitive information, and to cut (delete) arbitrary directories, including the root WordPress directory. By default this can be exploited by administrators only. In the premium version of the plugin, administrators can give gallery edit permissions to lower level users, which might make this exploitable by users as low as contributors."}], "title": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery <= 1.8.23 - Authenticated (Contributor+) Path Traversal via esc_dir Function", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/76c38826-4d49-4204-b6b6-b01d01373fa9?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L178"}, {"url": "https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L512"}, {"url": "https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L436"}, {"url": "https://plugins.trac.wordpress.org/changeset/3098798/"}, {"url": "https://wordpress.org/plugins/photo-gallery/#developers"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-35 Path Traversal: '.../...//'"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H", "baseScore": 6.8, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Tobias Wei\u00dfhaar"}], "timeline": [{"time": "2024-06-06T21:19:21.000+00:00", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-16T18:35:17.646938Z", "id": "CVE-2024-5481", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-16T18:36:39.514Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:11:12.793Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/76c38826-4d49-4204-b6b6-b01d01373fa9?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L178", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L512", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L436", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset/3098798/", "tags": ["x_transferred"]}, {"url": "https://wordpress.org/plugins/photo-gallery/#developers", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/76c38826-4d49-4204-b6b6-b01d01373fa9?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L178", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L512", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L436", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset/3098798/", "tags": ["x_transferred"]}, {"url": "https://wordpress.org/plugins/photo-gallery/#developers", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:11:12.793Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-5481", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-16T18:35:17.646938Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-16T18:35:21.842Z"}}], "cna": {"title": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery <= 1.8.23 - Authenticated (Contributor+) Path Traversal via esc_dir Function", "credits": [{"lang": "en", "type": "finder", "value": "Tobias Wei\u00dfhaar"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H"}}], "affected": [{"vendor": "10web", "product": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "1.8.23"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2024-06-06T21:19:21.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/76c38826-4d49-4204-b6b6-b01d01373fa9?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L178"}, {"url": "https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L512"}, {"url": "https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L436"}, {"url": "https://plugins.trac.wordpress.org/changeset/3098798/"}, {"url": "https://wordpress.org/plugins/photo-gallery/#developers"}], "descriptions": [{"lang": "en", "value": "The Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.8.23 via the esc_dir function. This makes it possible for authenticated attackers to cut and paste (copy) the contents of arbitrary files on the server, which can contain sensitive information, and to cut (delete) arbitrary directories, including the root WordPress directory. By default this can be exploited by administrators only. In the premium version of the plugin, administrators can give gallery edit permissions to lower level users, which might make this exploitable by users as low as contributors."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-35 Path Traversal: '.../...//'"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-06-07T09:33:36.357Z"}}}, "cveMetadata": {"cveId": "CVE-2024-5481", "state": "PUBLISHED", "dateUpdated": "2024-08-01T21:11:12.793Z", "dateReserved": "2024-05-29T18:04:13.803Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2024-06-07T09:33:36.357Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "974320E7-18AE-4738-BE29-52AF8BDA52EE", "versionEndExcluding": "1.8.24", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.8.23 via the esc_dir function. This makes it possible for authenticated attackers to cut and paste (copy) the contents of arbitrary files on the server, which can contain sensitive information, and to cut (delete) arbitrary directories, including the root WordPress directory. By default this can be exploited by administrators only. In the premium version of the plugin, administrators can give gallery edit permissions to lower level users, which might make this exploitable by users as low as contributors."}, {"lang": "es", "value": "El complemento Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery para WordPress es vulnerable a Path Traversal en todas las versiones hasta la 1.8.23 incluida a trav\u00e9s de la funci\u00f3n esc_dir. Esto hace posible que atacantes autenticados corten y peguen (copien) el contenido de archivos arbitrarios en el servidor, que pueden contener informaci\u00f3n confidencial, y corten (eliminen) directorios arbitrarios, incluido el directorio ra\u00edz de WordPress. De forma predeterminada, esto s\u00f3lo puede ser aprovechado por los administradores. En la versi\u00f3n premium del complemento, los administradores pueden otorgar permisos de edici\u00f3n de la galer\u00eda a usuarios de niveles inferiores, lo que podr\u00eda hacer que esto sea explotable por usuarios tan bajos como contribuyentes."}], "id": "CVE-2024-5481", "lastModified": "2024-06-11T18:00:09.740", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.2, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2024-06-07T10:15:11.827", "references": [{"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L178"}, {"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L436"}, {"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L512"}, {"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset/3098798/"}, {"source": "security@wordfence.com", "tags": ["Product", "Release Notes"], "url": "https://wordpress.org/plugins/photo-gallery/#developers"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/76c38826-4d49-4204-b6b6-b01d01373fa9?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}