CVE-2019-14314 β€” SQL Injection in Nextgen Gallery

CWE-89 β€” SQL Injection3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
32.4%
top 3.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Imagely Nextgen Gallery
Timeline
PublishedAug 27
Latest updateMay 24

Description

A SQL injection vulnerability exists in the Imagely NextGEN Gallery plugin before 3.2.11 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via modules/nextgen_gallery_display/package.module.nextgen_gallery_display.php.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

β–ΆNVDimagely/nextgen_gallery< 3.2.10

πŸ”΄Vulnerability Details

2
GHSA
GHSA-8x6r-m6rj-9v3q: A SQL injection vulnerability exists in the Imagely NextGEN Gallery plugin before 3β†—2022-05-24
β–Ά
CVEList
CVE-2019-14314: A SQL injection vulnerability exists in the Imagely NextGEN Gallery plugin before 3β†—2019-08-27
β–Ά
CVE-2019-14314 β€” SQL Injection in Nextgen Gallery | cvebase