Blind SQL Injection Vulnerability in Image Gallery with Slideshow Plugin by WordPress
CVE-2017-1002013

9.8CRITICAL

Key Information:

Vendor: Wordpress
Status: Image-gallery-with-slideshow
Vendor: CVE Published:; 14 September 2017

Summary

A vulnerability exists in the Image Gallery with Slideshow plugin for WordPress, where improper handling of the 'imgid' parameter in the 'admin_setting.php' file allows attackers to execute blind SQL injection attacks. This flaw could lead to unauthorized access to the underlying database, enabling attackers to manipulate data or extract sensitive information.

Affected Version(s)

image-gallery-with-slideshow < 1.5.2

References

https://wordpress.org/plugins/image-gallery-with-slideshow/

x_refsource_MISC

http://www.vapidlabs.com/advisory.php?v=189

x_refsource_MISC

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Sep 14, 2017