CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2021-24462

HIGH
8.8
CVSS Severity Score
EPSS Score0.1940%
EPSS Percentile12.12th
Published2021年8月2日
Last Modified2024年11月21日

Vulnerability Description

The get_gallery_categories() and get_galleries() functions in the Photo Gallery by Ays – Responsive Image Gallery WordPress plugin before 4.4.4 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard

Affected Platforms (CPE)

📦
Ays Pro

Photo Gallery

< 4.4.4

References & Advisories

🔗 https://wpscan.com/vulnerability/e24dac6d-de48-42c1-bdde-4a45fb331376
🔗 https://wpscan.com/vulnerability/e24dac6d-de48-42c1-bdde-4a45fb331376

相關漏洞威脅

CVE-2007-141410.0

Multiple PHP remote file inclusion vulnerabilities in Coppermine Photo Gallery (CPG) allow remote attackers to execute arbitrary P...

CVE-2007-491610.0

Heap-based buffer overflow in the FileFind::FindFile method in (1) MFC42.dll, (2) MFC42u.dll, (3) MFC71.dll, and (4) MFC71u.dll in...

CVE-2003-152510.0

Unspecified vulnerability in My Photo Gallery 3.5, and possibly earlier versions, has unknown impact and attack vectors.

CVE-2019-161199.8

SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via the admin/controllers/Album...