WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Plugin Gallery-Image and Video Gallery with Thumbnails SQL Injection (1.2.0)

Description

WordPress Plugin Gallery-Image and Video Gallery with Thumbnails is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress Plugin Gallery-Image and Video Gallery with Thumbnails version 1.2.0 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 1.2.1 or latest

References

http://seclists.org/fulldisclosure/2017/Sep/55

https://packetstormsecurity.com/files/144288/WordPress-Responsive-Image-Gallery-1.1.8-SQL-Injection.html

https://plugins.svn.wordpress.org/gallery-album/trunk/readme.txt

Related Vulnerabilities

Atlassian Jira Incorrect Behavior Order: Validate Before Canonicalize Vulnerability (CVE-2022-26137)

Perl Improper Certificate Validation Vulnerability (CVE-2023-31486)

Rukovoditel Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-13588)

WordPress Plugin WP Domain Redirect SQL Injection (1.0)

WordPress Plugin Paid Membership, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content-ProfilePress Multiple Vulnerabilities (3.1.3)

Severity

High

Classification

CVE-2017-14125 CWE-89 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update SQL Injection