WordPress Plugin Vulnerabilities

GRAND Flash Album Gallery 0.55 - lib/hitcounter.php pid Parameter SQL Injection

Description

The Album and Image Gallery with Lightbox – Flagallery Photo Portfolio WordPress plugin was affected by a lib/hitcounter.php pid Parameter SQL Injection security vulnerability.

Affects Plugins

Plugin icon
flash-album-gallery
Fixed in 0.60

References

Exploitdb
16947

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Verified
No
WPVDB ID
773e12c9-edb1-4054-97e1-37e23ef08325

Timeline

Publicly Published
2014-08-01 (about 11 years ago)
Added
2014-08-01 (about 11 years ago)
Last Updated
2021-08-20 (about 4 years ago)

Other

Published
Title
Published
2025-06-11
Title
School Management <= 92.0.0 - Unauthenticated SQL Injection
Published
2025-02-18
Title
LTL Freight Quotes – Old Dominion Edition < 4.2.11 - Unauthenticated SQL Injection
Published
2021-08-06
Title
Paid Member Subscriptions < 2.4.2 - Authenticated SQL Injection
Published
2014-09-19
Title
FB Gorilla - SQL Injection
Published
2014-08-01
Title
Wordpress <= 2.0.6 wp-trackback.php Remote SQL Injection Exploit