Lucene search

K
patchstackN/APATCHSTACK:F33DD304CD10C430D481D0062D7224D8
HistoryJan 27, 2015 - 12:00 a.m.

WordPress Photo Gallery plugin <= 1.2.100 - SQL Injection

2015-01-2700:00:00
N/A
patchstack.com
8

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

Because of this vulnerability, authenticated users can execute arbitrary SQL commands via “the asc_or_desc” parameter in the galleries_bwg page to wp-admin/admin.php.

Solution

           Upgrade the plugin. 
CPENameOperatorVersion
photo gallery by 10weble1.2.100

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

Related for PATCHSTACK:F33DD304CD10C430D481D0062D7224D8