
CVE-2014-5186 – All Video Gallery Plugin for WordPress <= 1.2 - Authenticated SQL Injection
https://notcve.org/view.php?id=CVE-2014-5186
28 May 2014 — SQL injection vulnerability in the All Video Gallery (all-video-gallery) plugin 1.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in an edit action in the allvideogallery_videos page to wp-admin/admin.php. • http://codevigilant.com/disclosure/wp-plugin-all-video-gallery-a1-injection • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2012-6653 – All Video Gallery <= 1.1 - SQL Injection
https://notcve.org/view.php?id=CVE-2012-6653
02 Nov 2012 — Unspecified vulnerability in the All Video Gallery (all-video-gallery) plugin before 1.2.0 for WordPress has unspecified impact and attack vectors. The All Video Gallery plugin for WordPress is vulnerable to blind SQL Injection via the 'vid' and 'pid' parameters in versions up to, and including, 1.1 due to insufficient escaping on the user... • https://www.exploit-db.com/exploits/22427 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •