PT-2017-11001 · Unknown · Image-Gallery-With-Slideshow

Larry W. Cashdollar +1 · Published 2017-09-14 · Updated 2019-10-03 · CVE-2017-1002012

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

image-gallery-with-slideshow version 1.5.2

Description

The issue concerns a lack of input sanitization in the gid variable, which is then used in an SQL statement. This occurs in the admin setting.php file of the image-gallery-with-slideshow plugin.

Recommendations

For version 1.5.2, consider disabling the image-gallery-with-slideshow plugin until a patch is available to prevent potential SQL injection attacks. Restrict access to the admin setting.php file to minimize the risk of exploitation. Avoid using the gid variable in the affected SQL statement until the issue is resolved.

Exploit

Fix

SQL injection

Weakness Enumeration

Related identifiers

CVE-2017-1002012

Affected products

Image-Gallery-With-Slideshow