vendor:
Photo Gallery
by:
MTK
9.8
CVSS
CRITICAL
Blind SQL injection
89
CWE
Product Name: Photo Gallery
Affected Version From: 1.5.34
Affected Version To: 1.5.34
Patch Exists: YES
Related CWE: CVE-2019-16119
CPE: a:10web:photo_gallery
Metasploit:
N/A
Other Scripts:
N/A
Platforms Tested: Apache2/WordPress 5.2.2 - Firefox/Windows - SQLMap
2019
WordPress Plugin Photo Gallery by 10Web <= 1.5.34 - Blind SQL injection
Through the SQL injection vulnerability, a malicious user could inject SQL code in order to steal information from the database, modify data from the database, even delete database or data from them.
Mitigation:
Upgrade to the latest version of the plugin (1.5.35)
