CVE-2017-12977SQL Injection in Photo Gallery

CWE-89SQL Injection3 documents3 sources
Severity
7.2HIGHNVD
EPSS
0.5%
top 33.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
10web Photo Gallery
Timeline
PublishedAug 21
Latest updateMay 14

Description

The Web-Dorado "Photo Gallery by WD - Responsive Photo Gallery" plugin before 1.3.51 for WordPress has a SQL injection vulnerability related to bwg_edit_tag() in photo-gallery.php and edit_tag() in admin/controllers/BWGControllerTags_bwg.php. It is exploitable by administrators via the tag_id parameter.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-6j2g-pvxc-h538: The Web-Dorado "Photo Gallery by WD - Responsive Photo Gallery" plugin before 12022-05-14
CVEList
CVE-2017-12977: The Web-Dorado "Photo Gallery by WD - Responsive Photo Gallery" plugin before 12017-08-21
CVE-2017-12977 — SQL Injection in 10web Photo Gallery | cvebase