Back to search
CVE-2015-1393
Published: Feb 2, 2015
Modified: Aug 6, 2024
PUBLISHED
Description
SQL injection vulnerability in the Photo Gallery plugin before 1.2.11 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the asc_or_desc parameter in a create gallery request in the galleries_bwg page to wp-admin/admin.php.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20150128 [CVE-2015-1393] Photo Gallery (Wordpress Plugin) - SQL Injection in Version 1.2.8
mailing-list
x_refsource_BUGTRAQ
https://plugins.trac.wordpress.org/changeset/1074134/photo-gallery
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now