9 matches found
EUVD-2021-11369
Malware in sbrugna...
CVE-2021-24457
The getportfolios and getportfolioattributes functions in the class-portfolio-responsive-gallery-list-table.php and class-portfolio-responsive-gallery-attributes-list-table.php files of the Portfolio Responsive Gallery WordPress plugin before 1.1.8 did not use whitelist or validate the orderby...
The vulnerability of the `get_portfolios()` and `get_portfolio_attributes()` functions in the Portfolio Responsive Gallery plugin of the WordPress content management system allows a hacker to execute arbitrary SQL code.
The vulnerability of the getportfolios and getportfolioattributes functions in the Portfolio Responsive Gallery plugin of the WordPress content management system is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability could allow a remote attacker ...
CVE-2021-24457
The getportfolios and getportfolioattributes functions in the class-portfolio-responsive-gallery-list-table.php and class-portfolio-responsive-gallery-attributes-list-table.php files of the Portfolio Responsive Gallery WordPress plugin before 1.1.8 did not use whitelist or validate the orderby...
Sql injection
The getportfolios and getportfolioattributes functions in the class-portfolio-responsive-gallery-list-table.php and class-portfolio-responsive-gallery-attributes-list-table.php files of the Portfolio Responsive Gallery WordPress plugin before 1.1.8 did not use whitelist or validate the orderby...
CVE-2021-24457 Portfolio Responsive Gallery < 1.1.8 - Authenticated Blind SQL Injections
The getportfolios and getportfolioattributes functions in the class-portfolio-responsive-gallery-list-table.php and class-portfolio-responsive-gallery-attributes-list-table.php files of the Portfolio Responsive Gallery WordPress plugin before 1.1.8 did not use whitelist or validate the orderby...
CVE-2021-24457
The CVE-2021-24457 entry concerns the WordPress plugin Portfolio Responsive Gallery (versions before 1.1.8). The connected documents confirm a concrete vulnerability: get_portfolios() and get_portfolio_attributes() fail to whitelist/validate the orderby parameter before using it in SQL in get_res...
WordPress SQL注入漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress plugin Portfolio Responsive Gallery prior to...
Portfolio Responsive Gallery < 1.1.8 - Authenticated Blind SQL Injections
The getportfolios and getportfolioattributes functions in the class-portfolio-responsive-gallery-list-table.php and class-portfolio-responsive-gallery-attributes-list-table.php files of the plugin did not use whitelist or validate the orderby parameter before using it in SQL statements passed to...