Vulnerabilities > Imagely > Nextgen Gallery > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-02-11 CVE-2013-3684 Unrestricted Upload of File with Dangerous Type vulnerability in Imagely Nextgen Gallery
NextGEN Gallery plugin before 1.9.13 for WordPress: ngggallery.php file upload
network
low complexity
imagely CWE-434
critical
10.0
2017-09-12 CVE-2015-9228 Unrestricted Upload of File with Dangerous Type vulnerability in Imagely Nextgen Gallery
In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress, unrestricted file upload is available via the name parameter, if a file extension is changed from .jpg to .php.
network
low complexity
imagely CWE-434
critical
9.0