Image Gallery Plugin up to 1.2.0 on WordPress wp-admin/admin.php id sql injection


A vulnerability classified as critical has been found in Image Gallery Plugin up to 1.2.0 on WordPress (Photo Gallery Software). It affects some unknown processing of the file wp-admin/admin.php. Upgrading to version 1.2.1 eliminates this vulnerability.

| Field | 09/26/2017 09:26 AM | 11/19/2019 03:16 PM |
|---|---|---|
| type | Photo Gallery Software | Photo Gallery Software |
| name | Image Gallery Plugin | Image Gallery Plugin |
| version | <=1.2.0 | <=1.2.0 |
| platform | WordPress | WordPress |
| file | wp-admin/admin.php | wp-admin/admin.php |
| argument | id | id |
| input_type | Parameter | Parameter |
| cwe | 89 (sql injection) | 89 (sql injection) |
| risk | 2 | 2 |
| cvss2_vuldb_basescore | 7.5 | 7.5 |
| cvss2_vuldb_tempscore | 6.5 | 6.5 |
| cvss2_vuldb_av | N | N |
| cvss2_vuldb_ac | L | L |
| cvss2_vuldb_au | N | N |
| cvss2_vuldb_ci | P | P |
| cvss2_vuldb_ii | P | P |
| cvss2_vuldb_ai | P | P |
| cvss2_nvd_av | N | N |
| cvss2_nvd_ac | L | L |
| cvss2_nvd_au | N | N |
| cvss2_nvd_ci | P | P |
| cvss2_nvd_ii | P | P |
| cvss2_nvd_ai | P | P |
| cvss3_meta_basescore | 8.5 | 8.5 |
| cvss3_meta_tempscore | 8.2 | 8.2 |
| cvss3_vuldb_basescore | 7.3 | 7.3 |
| cvss3_vuldb_tempscore | 7.0 | 7.0 |
| cvss3_vuldb_av | N | N |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_pr | N | N |
| cvss3_vuldb_ui | N | N |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_c | L | L |
| cvss3_vuldb_i | L | L |
| cvss3_vuldb_a | L | L |
| cvss3_nvd_av | N | N |
| cvss3_nvd_ac | L | L |
| cvss3_nvd_pr | N | N |
| cvss3_nvd_ui | N | N |
| cvss3_nvd_s | U | U |
| cvss3_nvd_c | H | H |
| cvss3_nvd_i | H | H |
| cvss3_nvd_a | H | H |
| date | 1506297600 (09/25/2017) | 1506297600 (09/25/2017) |
| location | Full-Disclosure | Full-Disclosure |
| type | Mailinglist Post | Mailinglist Post |
| url | http://seclists.org/fulldisclosure/2017/Sep/55 | http://seclists.org/fulldisclosure/2017/Sep/55 |
| price_0day | $0-$5k | $0-$5k |
| name | Upgrade | Upgrade |
| upgrade_version | 1.2.1 | 1.2.1 |
| cve | CVE-2017-14125 | CVE-2017-14125 |
| cve_assigned | 1504483200 | 1504483200 |
| cve_nvd_published | 1506297600 | 1506297600 |
| cve_nvd_summary | SQL injection vulnerability in the Responsive Image Gallery plugin before 1.2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "id" parameter in an add_edit_theme task in the wpdevart_gallery_themes page to wp-admin/admin.php. | SQL injection vulnerability in the Responsive Image Gallery plugin before 1.2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "id" parameter in an add_edit_theme task in the wpdevart_gallery_themes page to wp-admin/admin.php. |
| cvss2_vuldb_e | ND | ND |
| cvss2_vuldb_rl | OF | OF |
| cvss2_vuldb_rc | ND | ND |
| cvss3_vuldb_e | X | X |
| cvss3_vuldb_rl | O | O |
| cvss3_vuldb_rc | X | X |
| 0day_days | 3 | 3 |
| cvss3_nvd_basescore | 9.8 | 9.8 |

discoverydate: 1506038400
