PT-2017-11001 · Unknown · Image-Gallery-With-Slideshow

Credit: Larry W. Cashdollar
Published: 2017-09-14
Updated: 2019-10-03
CVE: CVE-2017-1002012
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: image-gallery-with-slideshow version 1.5.2

Description: The gid variable is used in an SQL statement without input sanitization. The affected code is in the admin setting.php file of the image-gallery-with-slideshow plugin.

Recommendations: For version 1.5.2, consider disabling the image-gallery-with-slideshow plugin until a patch is available, to prevent potential SQL injection attacks. Restrict access to the admin setting.php file to minimize the risk of exploitation. Avoid using the gid variable in the affected SQL statement until the issue is resolved.
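The defect class described above (a request parameter concatenated into SQL) and the fix a WordPress plugin author would apply, shown as an added illustration. This is not the plugin's own code and not taken from the advisory: the table name igws_gallery, the function names, the nonce action name and the capability used are assumptions; only the gid parameter and the admin setting.php location come from the advisory.

```php
<?php
// Added illustration of the advisory's defect class and its remediation.
// Assumed (not from the advisory): table {$wpdb->prefix}igws_gallery,
// function names, nonce action 'igws_setting', capability 'manage_options'.

// Vulnerable pattern: the gid request parameter is interpolated into the
// query with no type check and no parameter binding, so its contents become
// part of the SQL statement.
function igws_get_gallery_vulnerable( $wpdb ) {
    $gid = $_GET['gid'];   // attacker-controlled, used as-is
    return $wpdb->get_results(
        "SELECT * FROM {$wpdb->prefix}igws_gallery WHERE gid = $gid"
    );
}

// Hardened pattern: gate the admin page behind a capability check and a
// nonce (this is the "restrict access to setting.php" recommendation),
// coerce gid to an integer, and bind it through $wpdb->prepare() so the
// value can never alter the statement's structure.
function igws_get_gallery_hardened( $wpdb ) {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges' );
    }
    check_admin_referer( 'igws_setting' );   // hypothetical nonce action name

    // absint() rejects anything that is not a non-negative integer.
    $gid = isset( $_GET['gid'] ) ? absint( wp_unslash( $_GET['gid'] ) ) : 0;
    if ( 0 === $gid ) {
        return array();   // no valid gallery id supplied
    }

    $sql = $wpdb->prepare(
        "SELECT * FROM {$wpdb->prefix}igws_gallery WHERE gid = %d",
        $gid
    );
    return $wpdb->get_results( $sql );
}
```

When reviewing a plugin for this pattern, look for any `$wpdb->query`/`get_results`/`get_var` call whose SQL string contains a `$` interpolation or `.` concatenation of request data; every such call should instead route through `$wpdb->prepare()` with `%d`/`%s` placeholders, and admin-only pages should verify both a capability and a nonce before touching the database.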

Weakness Enumeration: SQL injection

Related Identifiers: CVE-2017-1002012

Affected Products: Image-Gallery-With-Slideshow