Lucene search

K
cve[email protected]CVE-2014-5186
HistoryOct 03, 2022 - 4:20 p.m.

CVE-2014-5186

2022-10-0316:20:42
CWE-89
web.nvd.nist.gov
18
cve-2014-5186
sql injection
all video gallery
wordpress
remote authenticated administrators
nvd

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.3 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

44.1%

SQL injection vulnerability in the All Video Gallery (all-video-gallery) plugin 1.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in an edit action in the allvideogallery_videos page to wp-admin/admin.php.

Affected configurations

NVD
Node
all_video_gallery_plugin_projectall-video-galleryMatch1.2wordpress

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.3 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

44.1%