CVE-2021-24139

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.0750%

EPSS Percentile6.75th

Published2021年3月18日

Last Modified2024年11月21日

Vulnerability Description

Unvalidated input in the Photo Gallery (10Web Photo Gallery) WordPress plugin, versions before 1.5.55, leads to SQL injection via the frontend/models/model.php bwg_search_x parameter.

Affected Platforms (CPE)

📦

10web

Photo Gallery

< 1.5.55

References & Advisories

🔗 https://wpscan.com/vulnerability/2e33088e-7b93-44af-aa6a-e5d924f86e28

相關漏洞威脅

CVE-2007-141410.0

Multiple PHP remote file inclusion vulnerabilities in Coppermine Photo Gallery (CPG) allow remote attackers to execute arbitrary P...

CVE-2007-491610.0

Heap-based buffer overflow in the FileFind::FindFile method in (1) MFC42.dll, (2) MFC42u.dll, (3) MFC71.dll, and (4) MFC71u.dll in...

CVE-2003-152510.0

Unspecified vulnerability in My Photo Gallery 3.5, and possibly earlier versions, has unknown impact and attack vectors.

CVE-2019-161199.8

SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via the admin/controllers/Album...