Photo Gallery by 10Web < 1.5.55 - Unauthenticated SQL Injection



Description
An SQL injection vulnerability exists in the Photo Gallery (10Web Photo Gallery) plugin before version 1.5.55 via the bwg_search_x parameter, which is handled in frontend/models/model.php.

Impact
All gallery_type values are affected by this bug, and any unauthenticated remote attacker can exploit the plugin.

Proof of Concept
The PoC will be displayed on June 05, 2020, to give users time to update.

Affects Plugin

References

URL https://plugins.trac.wordpress.org/changeset/2304193

Classification

Type SQLI
OWASP Top 10 A1: Injection
CWE CWE-89

Miscellaneous

Original Researcher Nguyen Anh Tien - SunCSR (Sun* Cyber Security Research)
Submitter Nguyen Anh Tien
Submitter Website https://research.sun-asterisk.com/
Submitter Twitter vigov5
Verified No
WPVDB ID 10227

Timeline

Publicly Published 2020-05-15
Added 2020-05-15
Last Updated 2020-05-19
