SQL Injection Vulnerability in Powerplay Gallery Plugin for WordPress
CVE-2015-5599
Currently unrated
Summary
The Powerplay Gallery plugin version 3.3 for WordPress contains multiple SQL injection vulnerabilities in the upload.php file. By manipulating the 'albumid' or 'name' parameters in a request, remote attackers can execute arbitrary SQL commands, potentially compromising the database and leading to unauthorized data access or modifications. This vulnerability highlights the need for rigorous input validation and security measures in web applications.