PT-2014-7808 · Huge It · Huge-It Gallery-Images Plugin
Publicado
2014-09-22
·
Atualizado
2014-09-22
·
CVE-2014-7153
CVSS v2.0
6.5
Média
| Vetor | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Huge-IT Image Gallery plugin version 1.0.1
Description
The issue allows remote authenticated users to execute arbitrary SQL commands. This is achieved via the
removeslide parameter to the "/wp-admin/admin.php" API endpoint.Recommendations
For Huge-IT Image Gallery plugin version 1.0.1, consider disabling the
editgallery function in admin/gallery func.php until a patch is available. Restrict access to the removeslide parameter in the affected API endpoint to minimize the risk of exploitation.Exploit
Correção
SQL injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Huge-It Gallery-Images Plugin