2 matches found
CVE-2016-11018
The CVE-2016-11018 entry concerns the Huge-IT gallery-images WordPress plugin (pre-1.9.0). The vulnerability is an unauthenticated SQL injection in the image gallery AJAX handler, caused by processing the headers Client-Ip and X-Forwarded-For in gallery-images.php via huge_it_image_gallery_ajax_c...
CVE-2014-7153
The CVE-2014-7153 affects the WordPress Huge-IT Image Gallery plugin (version 1.0.1) via a SQL injection in admin/gallery_func.php: editgallery, exploitable by remote authenticated users through the removeslide parameter to wp-admin/admin.php. Root cause is unsafe SQL construction in the removesl...