WordPress Plugin Vulnerabilities

ZM Gallery 1.0 – Authenticated Blind SQL Injection

Description

The plugin is still affected and has been closed.

Type user access: admin user.

$_GET[‘order’] is escaped wrong. Attack with Blind Injection

Proof of Concept

Affects Plugins

Plugin icon
zm-gallery
No known fix

References

CVE
CVE-2016-10940
URL
https://lenonleite.com.br/en/2016/12/16/zm-gallery-1-plugin-wordpress-blind-injection/

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
7.2 (high)

Miscellaneous

Submitter
Lenon Leite
Submitter website
http://lenonleite.com.br/
Submitter twitter
lenonleite
Verified
No
WPVDB ID
c0cbd314-0f4f-47db-911d-9b2e974bd0f6

Timeline

Publicly Published
2016-12-14 (about 9 years ago)
Added
2016-12-20 (about 9 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2026-01-12
Title
DZS Video Gallery < 12.40 - Authenticated (Subscriber+) SQL Injection
Published
2026-01-16
Title
Advanced Ads – Ad Manager & AdSense < 2.0.16 - Authenticated (Admin+) SQL Injection
Published
2024-10-09
Title
Tainacan < 0.21.9 - Authenticated (Subscriber+) SQL Injection
Published
2021-03-15
Title
Tutor LMS < 1.7.7 - SQL Injection via tutor_mark_answer_as_correct
Published
2015-03-11
Title
Yoast SEO < 1.7.4 - Blind SQL Injection