10Web · 10Web Photo Gallery · CVE-2019-14313
**Name of the Vulnerable Software and Affected Versions**
10Web Photo Gallery plugin versions prior to 1.5.31
**Description**
A SQL injection issue exists, allowing a remote attacker to execute arbitrary SQL commands on the affected system via the filemanager/model.php.
**Recommendations**
For versions prior to 1.5.31, update to version 1.5.31 or later to resolve the issue.