SQL Injection Vulnerability in Image Gallery Plugin for WordPress
CVE-2017-1002012

9.8CRITICAL

Key Information:

Vendor: Wordpress
Status: Image-gallery-with-slideshow
Vendor: CVE Published:; 14 September 2017

Summary

An SQL injection vulnerability exists in version 1.5.2 of the Image Gallery with Slideshow plugin for WordPress. The flaw occurs in the admin_setting.php file, where user input via the gid parameter is not sanitized prior to being used in an SQL statement. This oversight allows attackers to exploit the vulnerability, potentially leading to unauthorized access and manipulation of the database.

Affected Version(s)

image-gallery-with-slideshow < 1.5.2

References

https://wordpress.org/plugins/image-gallery-with-slideshow/

x_refsource_MISC

http://www.vapidlabs.com/advisory.php?v=189

x_refsource_MISC

EPSS Score

10% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Sep 14, 2017