WordPress Plugin Vulnerabilities

Photo Gallery < 1.2.11 - Blind SQL Injection

Description

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin was affected by a Blind SQL Injection security vulnerability.

Affects Plugins

Plugin icon
photo-gallery
Fixed in 1.2.11

References

CVE
CVE-2015-1393
URL
https://packetstormsecurity.com/files/#130148/
URL
https://seclists.org/bugtraq/2015/Jan/141

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
aceaf39c-9e02-4042-92a6-9fd6ddaea094

Timeline

Publicly Published
2015-01-28 (about 11 years ago)
Added
2015-01-28 (about 11 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2024-06-24
Title
Quiz Maker < 6.5.8.4 - Unauthenticated SQL Injection via 'ays_questions' Parameter
Published
2023-02-20
Title
10WebMapBuilder < 1.0.73 - Unauthenticated SQLi
Published
2014-08-01
Title
JS Restaurant - popup.php restuarant_id Parameter SQL Injection
Published
2024-08-07
Title
Docket (WooCommerce Collections / Wishlist / Watchlist) < 1.7.0 - Unauthenticated SQL Injection
Published
2026-01-08
Title
Notification Bar for WordPress <= 1.1.8 – Unauthenticated Subscriber Data Disclosure