From e7c9c884e93fb637fd7f07831bf267119da593c7 Mon Sep 17 00:00:00 2001
From: erwanlr <erwanlr@users.noreply.github.com>
Date: Sun, 6 Jul 2014 22:16:49 +0200
Subject: [PATCH] Adds the NextGen Arbitrary File Upload vuln

---
 data/plugin_vulns.xml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index f2ad1dcd..38c6bf30 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -4452,6 +4452,15 @@
   </plugin>
 
   <plugin name="nextgen-gallery">
+  <vulnerability>
+      <title>NextGEN Gallery &amp; 2.0.66 - Arbitrary File Upload (the user must have upload privileges)</title>
+      <references>
+        <url>http://packetstormsecurity.com/files/127340/wpnextgen2063-shell.txt</url>
+      </references>
+      <type>UPLOAD</type>
+      <!-- The 2.0.65 has a bypass, properly fixed in 2.0.66 -->
+      <fixed_in>2.0.66</fixed_in>
+    </vulnerability>
     <vulnerability>
       <title>NextGEN Gallery 2.0.0 - Directory Traversal</title>
       <references>