CyberSec.Space Logo
Back to CVE Browser

CVE-2019-16119

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1420%
EPSS Percentile14.11th
PublishedSep 8, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via the admin/controllers/Albumsgalleries.php album_id parameter.

Affected Platforms (CPE)

πŸ“¦
10web

Photo Gallery

< 1.5.35

References & Advisories

πŸ”— http://packetstormsecurity.com/files/154432/WordPress-Photo-Gallery-1.5.34-SQL-Injection.html
πŸ”— https://plugins.trac.wordpress.org/changeset/2150912/photo-gallery/trunk/admin/controllers/Albumsgalleries.php?old=1845136&old_path=photo-gallery%2Ftrunk%2Fadmin%2Fcontrollers%2FAlbumsgalleries.php
πŸ”— https://wordpress.org/plugins/photo-gallery/#developers
πŸ”— https://wpvulndb.com/vulnerabilities/9872
πŸ”— http://packetstormsecurity.com/files/154432/WordPress-Photo-Gallery-1.5.34-SQL-Injection.html
πŸ”— https://plugins.trac.wordpress.org/changeset/2150912/photo-gallery/trunk/admin/controllers/Albumsgalleries.php?old=1845136&old_path=photo-gallery%2Ftrunk%2Fadmin%2Fcontrollers%2FAlbumsgalleries.php
πŸ”— https://wordpress.org/plugins/photo-gallery/#developers
πŸ”— https://wpvulndb.com/vulnerabilities/9872

Related Vulnerabilities

CVE-2007-141410.0

Multiple PHP remote file inclusion vulnerabilities in Coppermine Photo Gallery (CPG) allow remote attackers to execute arbitrary P...

CVE-2007-491610.0

Heap-based buffer overflow in the FileFind::FindFile method in (1) MFC42.dll, (2) MFC42u.dll, (3) MFC71.dll, and (4) MFC71u.dll in...

CVE-2003-152510.0

Unspecified vulnerability in My Photo Gallery 3.5, and possibly earlier versions, has unknown impact and attack vectors.

CVE-2021-241399.8

Unvalidated input in the Photo Gallery (10Web Photo Gallery) WordPress plugin, versions before 1.5.55, leads to SQL injection via ...