Lucene search

[email protected]CVE-2014-5201

HistoryAug 12, 2014 - 8:55 p.m.

CVE-2014-5201

2014-08-1220:55:04

CWE-89

[email protected]

web.nvd.nist.gov

cve-2014-5201

sql injection

gallery objects

wordpress

vulnerability

nvd

8.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

39.7%

JSON

SQL injection vulnerability in the Gallery Objects plugin 0.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the viewid parameter in a go_view_object action to wp-admin/admin-ajax.php.

Affected configurations

NVD

Node

gallery_objects_projectgallery_objectsMatch0.4---wordpress

CPENameOperatorVersion
gallery_objects_project:gallery_objectsgallery objects project gallery objectseq0.4

CPE	Name	Operator	Version
gallery_objects_project:gallery_objects	gallery objects project gallery objects	eq	0.4

References

packetstormsecurity.com/files/127533/WordPress-Gallery-Objects-0.4-SQL-Injection.html

www.homelab.it/index.php/2014/07/18/wordpress-gallery-objects-0-4-sql-injection/#sthash.ftMVwBVK.dpbs

www.securityfocus.com/bid/68791

8.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

39.7%

JSON

Related for CVE-2014-5201

prion1 patchstack1 cvelist1 nvd1 wpvulndb1