Lucene search

[email protected]CVE-2014-5186

HistoryOct 03, 2022 - 4:20 p.m.

CVE-2014-5186

2022-10-0316:20:42

CWE-89

[email protected]

web.nvd.nist.gov

cve-2014-5186

sql injection

all video gallery

wordpress

remote authenticated administrators

nvd

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.3 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

44.1%

JSON

SQL injection vulnerability in the All Video Gallery (all-video-gallery) plugin 1.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in an edit action in the allvideogallery_videos page to wp-admin/admin.php.

Affected configurations

NVD

Node

all_video_gallery_plugin_projectall-video-galleryMatch1.2wordpress

CPENameOperatorVersion
all_video_gallery_plugin_project:all-video-galleryall video gallery plugin project all-video-galleryeq1.2

CPE	Name	Operator	Version
all_video_gallery_plugin_project:all-video-gallery	all video gallery plugin project all-video-gallery	eq	1.2

References

codevigilant.com/disclosure/wp-plugin-all-video-gallery-a1-injection

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.3 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

44.1%

JSON

Related for CVE-2014-5186

wpvulndb1 patchstack1 nvd1 prion1 cvelist1