CVE-2019-16119
Published 2019-09-08
Priority: P2 70 · Critical 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EXPLOIT
EPSS: 25.44% (97.7th percentile)
SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via the admin/controllers/Albumsgalleries.php album_id parameter.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| 10web | photo_gallery | < 1.5.35 | 1.5.35 |
Detection & IOCs (extracted from sources)
- URL: http://127.0.0.1/wp-admin/admin-ajax.php?action=albumsgalleries_bwg&album_id=&width=785&height=550&bwg_nonce=9e367490cc&
- URL: http://127.0.0.1/wp-admin/admin-ajax.php?action=albumsgalleries_bwg&album_id=0 AND (SELECT 1 FROM (SELECT(SLEEP(10)))BLAH)&width=785&height=550&bwg_nonce=9e367490cc&
- Monitor HTTP GET requests to /wp-admin/admin-ajax.php with the action parameter set to 'albumsgalleries_bwg' and the album_id parameter containing SQL injection payloads (e.g., SLEEP, SELECT subqueries, boolean logic).
- Alert on time-based blind SQLi patterns in the album_id parameter, specifically payloads matching the pattern: AND (SELECT 1 FROM (SELECT(SLEEP(<N>)))<alias>)
- Flag requests to admin-ajax.php where action=albumsgalleries_bwg and album_id is non-numeric or contains SQL keywords (AND, SELECT, SLEEP, FROM).
- The exploit targets authenticated admin users (wp-admin context); the vulnerability is exploitable only by users with access to the WordPress admin panel and the Photo Gallery plugin's album management interface.
- The bwg_nonce parameter in the PoC request is a WordPress nonce and will vary per session; detection rules should not rely on a static nonce value.
- Versions prior to 1.5.35 are vulnerable; the patch was released on 09-04-2019. Ensure the plugin is updated to 1.5.35 or later.
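As an added example (not code from the advisory or the plugin), the detection bullets above applied to constructed Apache-style access-log lines. The log lines, client IPs and finding labels are made up; the second log line carries the same time-based payload shape as the PoC URL above, percent-encoded as a web server would log it, and the keyword list extends the page's (AND, SELECT, SLEEP, FROM) with OR and UNION.

```python
import re
from urllib.parse import urlparse, parse_qs

# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [08/Sep/2019:10:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=albumsgalleries_bwg&album_id=12&width=785&height=550 HTTP/1.1" 200 512
10.0.0.5 - - [08/Sep/2019:10:00:07 +0000] "GET /wp-admin/admin-ajax.php?action=albumsgalleries_bwg&album_id=0%20AND%20(SELECT%201%20FROM%20(SELECT(SLEEP(10)))BLAH)&width=785&height=550 HTTP/1.1" 200 512
10.0.0.9 - - [08/Sep/2019:10:00:09 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 12
10.0.0.7 - - [08/Sep/2019:10:00:11 +0000] "GET /wp-admin/admin-ajax.php?action=albumsgalleries_bwg&album_id=1%20OR%201%3D1 HTTP/1.1" 200 512
"""

# Request line inside a combined-log entry: "<METHOD> <target> HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Page's keyword list (AND, SELECT, SLEEP, FROM) plus OR and UNION.
SQL_KEYWORDS = re.compile(r"\b(AND|OR|SELECT|SLEEP|FROM|UNION)\b", re.IGNORECASE)
# Time-based blind pattern from the advisory: AND (SELECT 1 FROM (SELECT(SLEEP(<N>)))<alias>)
TIME_BASED = re.compile(
    r"AND\s*\(\s*SELECT\s+1\s+FROM\s*\(\s*SELECT\s*\(\s*SLEEP\s*\(\s*\d+\s*\)\s*\)\s*\)\s*\w+\s*\)",
    re.IGNORECASE,
)


def classify_request(target):
    """Return a finding label for one request target, or None when it is benign."""
    parsed = urlparse(target)
    if parsed.path != "/wp-admin/admin-ajax.php":
        return None
    qs = parse_qs(parsed.query, keep_blank_values=True)  # decodes %20 and + to spaces
    if qs.get("action", [""])[0] != "albumsgalleries_bwg":
        return None
    album_id = qs.get("album_id", [""])[0].strip()
    if album_id == "" or album_id.isdigit():
        return None  # empty or purely numeric album_id is the expected shape
    if TIME_BASED.search(album_id):
        return "time-based-blind-sqli"
    if SQL_KEYWORDS.search(album_id):
        return "sql-keyword-in-album_id"
    return "non-numeric-album_id"


def scan_log(text):
    """Yield (client_ip, label) for every log line that matches a detection rule."""
    findings = []
    for line in text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        label = classify_request(m.group("target"))
        if label:
            findings.append((line.split()[0], label))
    return findings


if __name__ == "__main__":
    for ip, label in scan_log(SAMPLE_LOG):
        print(f"{ip}\t{label}")
```

Matching is done on the decoded album_id value, so the rule is not defeated by percent- or plus-encoding of spaces; the bwg_nonce value is deliberately ignored, as the note above recommends.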
CVSS provenance
- NVD v3.1: 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- NVD v2.0: 7.5 HIGH, AV:N/AC:L/Au:N/C:P/I:P/A:P
No detection rules found.
No writeups or analysis indexed.
References
- http://packetstormsecurity.com/files/154432/WordPress-Photo-Gallery-1.5.34-SQL-Injection.html
- https://plugins.trac.wordpress.org/changeset/2150912/photo-gallery/trunk/admin/controllers/Albumsgalleries.php?old=1845136&old_path=photo-gallery%2Ftrunk%2Fadmin%2Fcontrollers%2FAlbumsgalleries.php
- https://wordpress.org/plugins/photo-gallery/#developers
- https://wpvulndb.com/vulnerabilities/9872