SQL Injection Vulnerability Affects Unite Gallery Lite
CVE-2024-43207

8.5HIGH

Key Information:

Vendor: WordPress
Status: Unite Gallery Lite
Vendor: CVE Published:; 18 August 2024

Summary

The Valiano Unite Gallery Lite plugin is susceptible to an SQL Injection vulnerability, allowing attackers to manipulate SQL queries by injecting malicious code. This issue arises from improper handling of special elements in SQL commands. Successful exploitation can lead to unauthorized database access, enabling malicious actors to view, modify, or delete data. It is crucial for users of the plugin, especially those running versions up to 1.7.62, to implement security measures to mitigate potential threats.

Affected Version(s)

Unite Gallery Lite <= 1.7.62

References

https://patchstack.com/database/vulnerability/unite-galle...

vdb-entry

CVSS V3.1

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Aug 18, 2024
Vulnerability Reserved
Aug 9, 2024

Credit

João Pedro Soares de Alcântara - Kinorth (Patchstack Alliance)