CVE-2015-1055SQL Injection in Photo Gallery

CWE-89SQL Injection3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.5%
top 32.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
10web Photo Gallery
Timeline
PublishedJan 16
Latest updateMay 14

Description

SQL injection vulnerability in the Photo Gallery plugin 1.2.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the order_by parameter in a GalleryBox action to wp-admin/admin-ajax.php.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-g27q-hphj-9pm4: SQL injection vulnerability in the Photo Gallery plugin 12022-05-14
CVEList
CVE-2015-1055: SQL injection vulnerability in the Photo Gallery plugin 12015-01-16
CVE-2015-1055 — SQL Injection in 10web Photo Gallery | cvebase