1 results (0.005 seconds)
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1
CVE-2016-10940 – ZM Gallery <= 1.0 - Authenticated (Admin+) SQL Injection
https://notcve.org/view.php?id=CVE-2016-10940
The zm-gallery plugin 1.0 for WordPress has SQL injection via the order parameter. El plugin zm-gallery versión 1.0 para WordPress, presenta una inyección SQL por medio del parámetro order. • http://lenonleite.com.br/en/2016/12/16/zm-gallery-1-plugin-wordpress-blind-injection https://wordpress.org/plugins/zm-gallery/#developers • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •