CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12977 – Photo Gallery by 10Web <= 1.3.50 - Authenticated SQL Injection via tag_id Parameter
https://notcve.org/view.php?id=CVE-2017-12977
The Web-Dorado "Photo Gallery by WD - Responsive Photo Gallery" plugin before 1.3.51 for WordPress has a SQL injection vulnerability related to bwg_edit_tag() in photo-gallery.php and edit_tag() in admin/controllers/BWGControllerTags_bwg.php. It is exploitable by administrators via the tag_id parameter. El plugin "Photo Gallery by WD - Responsive Photo Gallery" de Web-Dorado en su versión 1.3.51 para WordPress tiene una vulnerabilidad de inyección SQL que afecta a bwg_edit_tag() en photo-gallery.php y a edit_tag() en admin/controllers/BWGControllerTags_bwg.php. Los administradores lo podrían explotar mediante el parámetro tag_id. • https://github.com/jgj212/Advisories/blob/master/photo-gallery.1.3.50-SQL https://wordpress.org/plugins/photo-gallery/#developers • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2324 – Photo Gallery by 10Web <= 1.2.12 - Authenticated Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-2324
Cross-site scripting (XSS) vulnerability in the filemanager in the Photo Gallery plugin before 1.2.13 for WordPress allows remote authenticated users with edit permission to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad Cross-Site Scripting (XSS) en filemanager en las versiones anteriores a la 1.2.13 del plugin Photo Gallery para WordPress permite que los usuarios autenticados remotos con permiso de edición inyecten scripts web o HTML arbitrarios mediante vectores no especificados. • https://fortiguard.com/zeroday/FG-VD-15-009 https://github.com/wp-plugins/photo-gallery/blob/master/readme.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2015-1394 – Photo Gallery by 10Web <= 1.2.10 - Authenticated Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-1394
Multiple cross-site scripting (XSS) vulnerabilities in the Photo Gallery plugin before 1.2.11 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) sort_by, (2) sort_order, (3) items_view, (4) dir, (5) clipboard_task, (6) clipboard_files, (7) clipboard_src, or (8) clipboard_dest parameters in an addImages action to wp-admin/admin-ajax.php. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en el plugin Photo Gallery versiones anteriores a 1.2.11 para WordPress, permiten a usuarios autenticados remotos inyectar script web o HTML arbitrario por medio de los parámetros (1) sort_by, (2) sort_order, (3) items_view, (4 ) dir, (5) clipboard_task, (6) clipboard_files, (7) clipboard_src o (8) clipboard_dest en una acción addImages en el archivo wp-admin/admin-ajax.php. WordPress Photo Gallery plugin version 1.2.8 suffers from a cross site scripting vulnerability. • http://www.securityfocus.com/archive/1/archive/1/534568/100/0/threaded https://plugins.trac.wordpress.org/changeset/1073334 https://plugins.trac.wordpress.org/changeset/1076678/photo-gallery https://seclists.org/bugtraq/2015/Jan/140 https://wordpress.org/plugins/photo-gallery/changelog • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 84%CPEs: 1EXPL: 4CVE-2014-9312 – WordPress Photo Gallery Unrestricted File Upload
https://notcve.org/view.php?id=CVE-2014-9312
Unrestricted File Upload vulnerability in Photo Gallery 1.2.5. Existe una vulnerabilidad de subida de archivos sin restricciones en Photo Gallery 1.2.5. Photo Gallery Plugin for WordPress contains a flaw that allows a remote attacker to execute arbitrary PHP code. This flaw exists because the photo-gallery\photo-gallery.php script allows access to filemanager\UploadHandler.php. The post() method in UploadHandler.php • https://www.exploit-db.com/exploits/35916 http://packetstormsecurity.com/files/130104/Photo-Gallery-1.2.5-Shell-Upload.html http://packetstormsecurity.com/files/130384/WordPress-Photo-Gallery-1.2.5-Unrestricted-File-Upload.html http://www.securityfocus.com/bid/72620 http://security.szurek.pl/photo-gallery-125-unrestricted-file-upload.html https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/wp_photo_gallery_unrestricted_file_upload.rb • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2015-1393 – Photo Gallery by 10Web <= 1.2.10 - Authenticated SQL Injection via asc_or_desc Parameter
https://notcve.org/view.php?id=CVE-2015-1393
SQL injection vulnerability in the Photo Gallery plugin before 1.2.11 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the asc_or_desc parameter in a create gallery request in the galleries_bwg page to wp-admin/admin.php. Vulnerabilidad de inyección SQL en el plugin Photo Gallery anterior a 1.2.11 para WordPress permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través del parámetro asc_or_desc en una solicitud para crear galería en la página galleries_bwg en wp-admin/admin.php. WordPress Photo Gallery plugin version 1.2.8 suffers from a remote SQL injection vulnerability. • http://www.securityfocus.com/archive/1/534569/100/0/threaded https://plugins.trac.wordpress.org/changeset/1074134/photo-gallery • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •