CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-14125 – Gallery – Image and Video Gallery with Thumbnails < 1.2.1 - SQL Injection
https://notcve.org/view.php?id=CVE-2017-14125
SQL injection vulnerability in the Responsive Image Gallery plugin before 1.2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "id" parameter in an add_edit_theme task in the wpdevart_gallery_themes page to wp-admin/admin.php. Una vulnerabilidad de inyección SQL en el plugin Responsive Image Gallery en versiones anteriores a la 1.2.1 para WordPress permite que atacantes remotos ejecuten comandos SQL arbitrarios mediante el parámetro id en una tarea en la página add_edit_theme para wp-admin/admin.php. WordPress Responsive Image Gallery plugin version 1.1.8 suffers from a remote SQL injection vulnerability. • http://seclists.org/fulldisclosure/2017/Sep/55 https://wpvulndb.com/vulnerabilities/8907 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •