1 results (0.010 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

SQL injection vulnerability in the Responsive Image Gallery plugin before 1.2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "id" parameter in an add_edit_theme task in the wpdevart_gallery_themes page to wp-admin/admin.php. Una vulnerabilidad de inyección SQL en el plugin Responsive Image Gallery en versiones anteriores a la 1.2.1 para WordPress permite que atacantes remotos ejecuten comandos SQL arbitrarios mediante el parámetro id en una tarea en la página add_edit_theme para wp-admin/admin.php. WordPress Responsive Image Gallery plugin version 1.1.8 suffers from a remote SQL injection vulnerability. • http://seclists.org/fulldisclosure/2017/Sep/55 https://wpvulndb.com/vulnerabilities/8907 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •