CVE-2019-16119

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions 10Web Photo Gallery plugin versions prior to 1.5.35

Description A SQL injection issue exists in the photo-gallery plugin for WordPress. The issue is exploitable via the album id parameter in the admin/controllers/Albumsgalleries.php file.

Recommendations For versions prior to 1.5.35, update to version 1.5.35 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin/controllers/Albumsgalleries.php file to minimize the risk of exploitation. Avoid using the album id parameter in the affected endpoint until the issue is resolved.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2019-16119

Affected Products

10Web Photo Gallery

CVE-2019-16119

Weakness Enumeration

Related Identifiers

Affected Products

References · 7