CVE-2022-1281
published 2022-05-02CVE-2022-1281: The Photo Gallery WordPress plugin through 1.6.3 does not properly escape the $_POST['filter_tag'] parameter, which is appended to an SQL query, making SQL…
PriorityP181critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
ITWVulnCheck KEV
Exploited in the wild
EPSS
23.46%
97.5th percentile
The Photo Gallery WordPress plugin through 1.6.3 does not properly escape the $_POST['filter_tag'] parameter, which is appended to an SQL query, making SQL Injection attacks possible.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| 10web | photo_gallery | <= 1.6.3 | — |
| linux | linux_kernel | >= 0 < 4.15.0-209.220 | 4.15.0-209.220 |
| linux | linux_kernel | >= 0 < 5.4.0-147.164 | 5.4.0-147.164 |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv8.8HIGH
vulncheck9.8CRITICAL
vendor_redhat5.5MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
linux-intel-iotg vulnerabilities
osv·2023-05-05·CVSS 5.5
CVE-2023-1281 linux-intel-iotg vulnerabilities
linux-intel-iotg vulnerabilities
It was discovered that the Traffic-Control Index (TCINDEX) implementation
in the Linux kernel contained a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-1281)
It was discovered that the OverlayFS implementation in the Linux kernel did
not properly handle copy up operation in some conditions. A local attacker
could possibly use this to gain elevated privileges. (CVE-2023-0386)
Haowei Yan discovered that a race condition existed in the Layer 2
Tunneling Protocol (L2TP) implementation in the Linux kernel. A local
attacker could possibly use this to cause a denial of service (system
crash). (CVE-2022-4129)
It was discovered that the network queuing disci
OSV
linux-hwe-5.15 vulnerabilities
osv·2023-04-25·CVSS 5.5
CVE-2023-1281 linux-hwe-5.15 vulnerabilities
linux-hwe-5.15 vulnerabilities
It was discovered that the Traffic-Control Index (TCINDEX) implementation
in the Linux kernel contained a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-1281)
It was discovered that the OverlayFS implementation in the Linux kernel did
not properly handle copy up operation in some conditions. A local attacker
could possibly use this to gain elevated privileges. (CVE-2023-0386)
Haowei Yan discovered that a race condition existed in the Layer 2
Tunneling Protocol (L2TP) implementation in the Linux kernel. A local
attacker could possibly use this to cause a denial of service (system
crash). (CVE-2022-4129)
It was discovered that the network queuing discipl
OSV
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, lin
osv·2023-04-19·CVSS 5.5
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, lin
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities
It was discovered that the Traffic-Control Index (TCINDEX) implementation
in the Linux kernel contained a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-1281)
Jiasheng Jiang discovered that the HSA Linux kernel driver for AMD Radeon
GPU devices did not properly validate memory allocation in certain
situations, leading to a null pointer dereference vulnerability. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2022
OSV
linux-oem-5.17 vulnerabilities
osv·2023-04-19·CVSS 6.7
CVE-2023-1281 linux-oem-5.17 vulnerabilities
linux-oem-5.17 vulnerabilities
It was discovered that the Traffic-Control Index (TCINDEX) implementation
in the Linux kernel contained a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-1281)
It was discovered that the Integrity Measurement Architecture (IMA)
implementation in the Linux kernel did not properly enforce policy in
certain conditions. A privileged attacker could use this to bypass Kernel
lockdown restrictions. (CVE-2022-21505)
It was discovered that the infrared transceiver USB driver did not properly
handle USB control messages. A local attacker with physical access could
plug in a specially crafted USB device to cause a denial of service (memory
exhaustion). (CVE-2022-39
OSV
linux-snapdragon vulnerabilities
osv·2023-04-19·CVSS 5.5
CVE-2023-1281 linux-snapdragon vulnerabilities
linux-snapdragon vulnerabilities
It was discovered that the Traffic-Control Index (TCINDEX) implementation
in the Linux kernel contained a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-1281)
It was discovered that the System V IPC implementation in the Linux kernel
did not properly handle large shared memory counts. A local attacker could
use this to cause a denial of service (memory exhaustion). (CVE-2021-3669)
It was discovered that a use-after-free vulnerability existed in the SGI
GRU driver in the Linux kernel. A local attacker could possibly use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2022-3424)
Ziming Zhang discovered that the
OSV
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2 vulnerabilities
osv·2023-04-19·CVSS 4.6
CVE-2023-1281 linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2 vulnerabilities
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2 vulnerabilities
It was discovered that the Traffic-Control Index (TCINDEX) implementation
in the Linux kernel contained a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-1281)
It was discovered that the infrared transceiver USB driver did not properly
handle USB control messages. A local attacker with physical access could
plug in a specially crafted USB device to cause a denial of service (memory
exhaustion). (CVE-2022-3903)
It was discovered that the Human Interface Device (HID) support driver in
the Linux kernel contained a type
OSV
linux-oem-6.1 vulnerabilities
osv·2023-03-27·CVSS 8.8
CVE-2023-1281 linux-oem-6.1 vulnerabilities
linux-oem-6.1 vulnerabilities
It was discovered that the Traffic-Control Index (TCINDEX) implementation
in the Linux kernel contained a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-1281)
It was discovered that the KVM VMX implementation in the Linux kernel did
not properly handle indirect branch prediction isolation between L1 and L2
VMs. An attacker in a guest VM could use this to expose sensitive
information from the host OS or other guest VMs. (CVE-2022-2196)
It was discovered that some AMD x86-64 processors with SMT enabled could
speculatively execute instructions using a return address from a sibling
thread. A local attacker could possibly use this to expose sensitive
informat
OSV
linux-oem-6.0 vulnerabilities
osv·2023-03-27·CVSS 8.8
CVE-2023-1281 linux-oem-6.0 vulnerabilities
linux-oem-6.0 vulnerabilities
It was discovered that the Traffic-Control Index (TCINDEX) implementation
in the Linux kernel contained a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-1281)
It was discovered that the KVM VMX implementation in the Linux kernel did
not properly handle indirect branch prediction isolation between L1 and L2
VMs. An attacker in a guest VM could use this to expose sensitive
information from the host OS or other guest VMs. (CVE-2022-2196)
Thadeu Cascardo discovered that the io_uring subsystem contained a double-
free vulnerability in certain memory allocation error conditions. A local
attacker could possibly use this to cause a denial of service (system
cras
GHSA
GHSA-cxph-v45w-r6xc: The Photo Gallery WordPress plugin through 1
ghsa_unreviewed·2022-05-03
CVE-2022-1281 [CRITICAL] CWE-89 GHSA-cxph-v45w-r6xc: The Photo Gallery WordPress plugin through 1
The Photo Gallery WordPress plugin through 1.6.3 does not properly escape the $_POST['filter_tag'] parameter, which is appended to an SQL query, making SQL Injection attacks possible.
VulnCheck
10web photo_gallery Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
vulncheck·2022·CVSS 9.8
CVE-2022-1281 [CRITICAL] 10web photo_gallery Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
10web photo_gallery Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The Photo Gallery WordPress plugin through 1.6.3 does not properly escape the $_POST['filter_tag'] parameter, which is appended to an SQL query, making SQL Injection attacks possible.
Affected: 10web photo_gallery
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://patchstack.com/database/wordpress/plugin/photo-gallery/vulnerability/wordpress-photo-gallery-by-10web-plugin-1-6-2-unauthenticated-sql-injection-sqli-vulnerability
Red Hat
kernel: powerpc64/bpf: Limit 'ldbrx' to processors compliant with ISA v2.06
vendor_redhat·2024-06-20·CVSS 5.5
CVE-2022-48755 [MEDIUM] CWE-1281 kernel: powerpc64/bpf: Limit 'ldbrx' to processors compliant with ISA v2.06
kernel: powerpc64/bpf: Limit 'ldbrx' to processors compliant with ISA v2.06
In the Linux kernel, the following vulnerability has been resolved:
powerpc64/bpf: Limit 'ldbrx' to processors compliant with ISA v2.06
Johan reported the below crash with test_bpf on ppc64 e5500:
test_bpf: #296 ALU_END_FROM_LE 64: 0x0123456789abcdef -> 0x67452301 jited:1
Oops: Exception in kernel mode, sig: 4 [#1]
BE PAGE_SIZE=4K SMP NR_CPUS=24 QEMU e500
Modules linked in: test_bpf(+)
CPU: 0 PID: 76 Comm: insmod Not tainted 5.14.0-03771-g98c2059e008a-dirty #1
NIP: 8000000000061c3c LR: 80000000006dea64 CTR: 8000000000061c18
REGS: c0000000032d3420 TRAP: 0700 Not tainted (5.14.0-03771-g98c2059e008a-dirty)
MSR: 0000000080089000 CR: 88002822 XER: 20000000 IRQMASK: 0
NIP [8000000000061c3c] 0x8000000000061c3c
LR [80000
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://plugins.trac.wordpress.org/changeset/2706797/photo-gallery/trunk/frontend/models/BWGModelGalleryBox.php?old=2587758&old_path=photo-gallery%2Ftrunk%2Ffrontend%2Fmodels%2FBWGModelGalleryBox.phphttps://wpscan.com/vulnerability/2b4866f2-f511-41c6-8135-cf1e0263d8dehttps://plugins.trac.wordpress.org/changeset/2706797/photo-gallery/trunk/frontend/models/BWGModelGalleryBox.php?old=2587758&old_path=photo-gallery%2Ftrunk%2Ffrontend%2Fmodels%2FBWGModelGalleryBox.phphttps://wpscan.com/vulnerability/2b4866f2-f511-41c6-8135-cf1e0263d8de
2022-05-02
Published
Exploited in the wild