CyberSec.Space Logo
Back to CVE Browser

CVE-2021-24139

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0750%
EPSS Percentile6.75th
PublishedMar 18, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

Unvalidated input in the Photo Gallery (10Web Photo Gallery) WordPress plugin, versions before 1.5.55, leads to SQL injection via the frontend/models/model.php bwg_search_x parameter.

Affected Platforms (CPE)

📦
10web

Photo Gallery

< 1.5.55

References & Advisories

🔗 https://wpscan.com/vulnerability/2e33088e-7b93-44af-aa6a-e5d924f86e28
🔗 https://wpscan.com/vulnerability/2e33088e-7b93-44af-aa6a-e5d924f86e28

Related Vulnerabilities

CVE-2007-141410.0

Multiple PHP remote file inclusion vulnerabilities in Coppermine Photo Gallery (CPG) allow remote attackers to execute arbitrary P...

CVE-2007-491610.0

Heap-based buffer overflow in the FileFind::FindFile method in (1) MFC42.dll, (2) MFC42u.dll, (3) MFC71.dll, and (4) MFC71u.dll in...

CVE-2003-152510.0

Unspecified vulnerability in My Photo Gallery 3.5, and possibly earlier versions, has unknown impact and attack vectors.

CVE-2019-161199.8

SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via the admin/controllers/Album...