WordPress Plugin Vulnerabilities

Gallery < 1.2.1 - Admin+ SQLi

Description

The plugin does not sanitise and escape the id parameter before using it in a SQL statement in the admin dashboard, leading to an SQL injection

Proof of Concept

Affects Plugins

Plugin icon
gallery-album
Fixed in 1.2.1

References

CVE
CVE-2017-14125
URL
https://seclists.org/fulldisclosure/2017/Sep/55
URL
https://plugins.trac.wordpress.org/changeset/1734284/gallery-album

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
6.8 (medium)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
Yes
WPVDB ID
ec4ca3c3-8e2f-4e71-80bf-7df8b30bbab7

Timeline

Publicly Published
2017-09-22 (about 8 years ago)
Added
2017-09-22 (about 8 years ago)
Last Updated
2022-06-17 (about 3 years ago)

Other

Published
Title
Published
2024-11-01
Title
Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress < 1.1.17 - Authenticated (Subscriber+) SQL Injection
Published
2023-04-07
Title
Spiffy Calendar < 4.9.2 - SQL Injection
Published
2024-07-11
Title
Form Vibes < 1.4.11 - Authenticated (Subscriber+) SQL Injection via fv_export_data
Published
2020-11-20
Title
Anti-Spam by CleanTalk < 5.149 - Multiple Authenticated SQL Injections
Published
2022-05-20
Title
Export any WordPress data to XML/CSV < 1.3.5 - Admin+ SQL Injection