Vulnerabilities and security researches fornextgen-gallery-geo nextgen-gallery-geo

Jun 07, 2024

CVE, Research URL: 4624f982-a331-414c-88c3-12761807ec95
Home page URL: Security reports for Geo2 Maps Add-on for NextGEN Gallery
Application: Geo2 Maps Add-on for NextGEN Gallery
Date: -
Research Description: Geo2 Maps Add-on for NextGEN Gallery [nextgen-gallery-geo] < 2.0.3 (closed) Geo2 Maps Add-on for NextGEN Gallery < 2.0.3 - Unauthenticated PHP Object Injection The plugin nextgen-gallery-geo insecurely trusts serialised data submitted over the AJAX ngg_geo_showmap (v <= 1.0.0) or geo2_maps_showmap (v <= 2.0.2) actions, available to both unauthenticated and authenticated users. This opens up the site to a PHP object injection vulnerability potential exploit vector.
Affected versions: Min -, max -.
Status: vulnerable