Description
WordPress Plugin Gallery-Flagallery Photo Portfolio is prone to multiple SQL injection, directory traversal and arbitrary file overwrite vulnerabilities. A successful exploit may allow an attacker to overwrite arbitrary files on the affected computer, compromise the application, disclose or delete potentially sensitive information, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress Plugin Gallery-Flagallery Photo Portfolio version 2.00 is vulnerable; other versions may also be affected.
Remediation
Update the plugin to version 2.17 or the latest version.