Image Gallery Plugin up to 1.2.0 on WordPress wp-admin/admin.php id sql injection

entryeditHistoryDiffjsonxmlCTI

A vulnerability has been found in Image Gallery Plugin up to 1.2.0 on WordPress (Photo Gallery Software) and classified as critical. Affected by this vulnerability is some unknown processing of the file wp-admin/admin.php. Upgrading to version 1.2.1 eliminates this vulnerability.

Field	09/26/2017 09:26 AM	11/19/2019 03:16 PM
type	Photo Gallery Software	Photo Gallery Software
name	Image Gallery Plugin	Image Gallery Plugin
version	<=1.2.0	<=1.2.0
platform	WordPress	WordPress
file	wp-admin/admin.php	wp-admin/admin.php
argument	id	id
input_type	Parameter	Parameter
cwe	89 (sql injection)	89 (sql injection)
risk	2	2
cvss2_vuldb_basescore	7.5	7.5
cvss2_vuldb_tempscore	6.5	6.5
cvss2_vuldb_av	N	N
cvss2_vuldb_ac	L	L
cvss2_vuldb_au	N	N
cvss2_vuldb_ci	P	P
cvss2_vuldb_ii	P	P
cvss2_vuldb_ai	P	P
cvss2_nvd_av	N	N
cvss2_nvd_ac	L	L
cvss2_nvd_au	N	N
cvss2_nvd_ci	P	P
cvss2_nvd_ii	P	P
cvss2_nvd_ai	P	P
cvss3_meta_basescore	8.5	8.5
cvss3_meta_tempscore	8.2	8.2
cvss3_vuldb_basescore	7.3	7.3
cvss3_vuldb_tempscore	7.0	7.0
cvss3_vuldb_av	N	N
cvss3_vuldb_ac	L	L
cvss3_vuldb_pr	N	N
cvss3_vuldb_ui	N	N
cvss3_vuldb_s	U	U
cvss3_vuldb_c	L	L
cvss3_vuldb_i	L	L
cvss3_vuldb_a	L	L
cvss3_nvd_av	N	N
cvss3_nvd_ac	L	L
cvss3_nvd_pr	N	N
cvss3_nvd_ui	N	N
cvss3_nvd_s	U	U
cvss3_nvd_c	H	H
cvss3_nvd_i	H	H
cvss3_nvd_a	H	H
date	1506297600 (09/25/2017)	1506297600 (09/25/2017)
location	Full-Disclosure	Full-Disclosure
type	Mailinglist Post	Mailinglist Post
url	http://seclists.org/fulldisclosure/2017/Sep/55	http://seclists.org/fulldisclosure/2017/Sep/55
price_0day	$0-$5k	$0-$5k
name	Upgrade	Upgrade
upgrade_version	1.2.1	1.2.1
cve	CVE-2017-14125	CVE-2017-14125
cve_assigned	1504483200	1504483200
cve_nvd_published	1506297600	1506297600
cve_nvd_summary	SQL injection vulnerability in the Responsive Image Gallery plugin before 1.2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "id" parameter in an add_edit_theme task in the wpdevart_gallery_themes page to wp-admin/admin.php.	SQL injection vulnerability in the Responsive Image Gallery plugin before 1.2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "id" parameter in an add_edit_theme task in the wpdevart_gallery_themes page to wp-admin/admin.php.
cvss2_vuldb_e	ND	ND
cvss2_vuldb_rl	OF	OF
cvss2_vuldb_rc	ND	ND
cvss3_vuldb_e	X	X
cvss3_vuldb_rl	O	O
cvss3_vuldb_rc	X	X
0day_days	3	3
cvss3_nvd_basescore	9.8	9.8
discoverydate		1506038400

◂ Previous Overview Next ▸

Might our Artificial Intelligence support you?

Check our Alexa App!