PT-2020-7949 · Huge It · Huge-It Gallery-Images Plugin

Gwendal Le Coguic · Published 2020-01-21 · Updated 2020-02-06 · CVE-2016-11018

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Huge-IT gallery-images plugin versions prior to 1.9.0
Description: An issue was discovered in the Huge-IT gallery-images plugin: the values of the Client-Ip and X-Forwarded-For request headers are prone to unauthenticated SQL injection. The affected file is gallery-images.php and the affected function is huge_it_image_gallery_ajax_callback().
Recommendations: For versions prior to 1.9.0, update to version 1.9.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the huge_it_image_gallery_ajax_callback() function until the update can be applied, and avoid using the Client-Ip and X-Forwarded-For headers in the affected API endpoint until the issue is resolved.
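As an added example (not the plugin's code, and written in Python rather than the plugin's PHP so the logic can be run stand-alone): a header-handling routine that treats Client-Ip and X-Forwarded-For as untrusted input and accepts only well-formed IP literals, with the same check reused as a detection rule over request headers. Header names are assumed to be already canonicalized, and the request values are constructed.

```python
import ipaddress
from typing import Mapping, Optional

# Hypothetical hardening logic, not the plugin's code. The advisory's point is
# that the Client-Ip and X-Forwarded-For header values reach a SQL query as
# untrusted input; accepting only well-formed IP literals removes that vector
# (the query itself must still be parameterized).
IP_HEADERS = ("Client-Ip", "X-Forwarded-For")


def parse_ip_header(value: str) -> Optional[str]:
    """Return the first hop of a comma-separated IP list, or None if any
    element fails to parse as an IPv4/IPv6 address (so stray quotes, SQL
    keywords or empty fields are rejected wholesale)."""
    hops = [h.strip() for h in value.split(",")]
    try:
        parsed = [ipaddress.ip_address(h) for h in hops]
    except ValueError:
        return None
    return str(parsed[0])


def client_ip(headers: Mapping[str, str], remote_addr: str) -> str:
    """Resolve a client address for logging or rate limiting: use the first
    well-formed proxy header, otherwise fall back to the socket peer.
    A well-formed header is still spoofable; it just cannot carry SQL."""
    for name in IP_HEADERS:
        raw = headers.get(name)
        if raw is not None:
            ip = parse_ip_header(raw)
            if ip is not None:
                return ip
    return remote_addr


def suspicious_headers(headers: Mapping[str, str]) -> dict:
    """Detection view of the same rule: the IP headers whose value is not a
    valid address list, suitable as a WAF or log-review check."""
    return {n: v for n, v in headers.items()
            if n in IP_HEADERS and parse_ip_header(v) is None}


if __name__ == "__main__":
    # Constructed requests: one legitimately proxied, one with a malformed
    # Client-Ip value that a vulnerable build would have passed into SQL.
    good = {"X-Forwarded-For": "198.51.100.23, 10.0.0.2"}
    bad = {"Client-Ip": "203.0.113.7' x"}
    print(client_ip(good, "10.0.0.2"))    # 198.51.100.23
    print(client_ip(bad, "192.0.2.44"))   # 192.0.2.44 (header rejected)
    print(suspicious_headers(bad))        # {'Client-Ip': "203.0.113.7' x"}
```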

Exploit

Fix

SQL injection
