Lucene search
HistoryOct 21, 2014 - 2:55 p.m.
CVE-2014-8375
cve
2014
8375
sql injection
gbgallery.php
gb gallery slideshow
wordpress
remote administrators
arbitrary sql commands
selected_group parameter
gb_ajax_get_group
wp-admin
admin-ajax.php
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
8.7 High
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
69.7%
SQL injection vulnerability in GBgallery.php in the GB Gallery Slideshow plugin 1.5 for WordPress allows remote administrators to execute arbitrary SQL commands via the selected_group parameter in a gb_ajax_get_group action to wp-admin/admin-ajax.php.
Affected configurations
Node
gb-pluginsgb_gallery_slideshowMatch1.5wordpress
| CPE | Name | Operator | Version |
|---|---|---|---|
| gb-plugins:gb_gallery_slideshow | gb-plugins gb gallery slideshow | eq | 1.5 |
Related
wpvulndb
wpvulndb
GB Gallery Slideshow 1.5 - SQL Injection
2014-11-02 13:12:44
prion
prion
Sql injection
2014-10-21 14:55:00
cvelist
cvelist
CVE-2014-8375
2014-10-21 14:00:00
patchstack
patchstack
WordPress GB Gallery Slideshow Plugin - SQL Injection
2014-08-11 00:00:00
nvd
nvd
CVE-2014-8375
2014-10-21 14:55:04
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
8.7 High
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
69.7%
Related for CVE-2014-8375