vendor:
Image-Gallery-With-Slideshow
by:
Hrvoje Spoljar
9.3
CVSS
HIGH
Arbitrary File Upload / SQL Injection
89
CWE
Product Name: Image-Gallery-With-Slideshow
Affected Version From: 1.5
Affected Version To: 1.5
Patch Exists: YES
Related CWE: N/A
CPE: /a:wordpress:wordpress:image-gallery-with-slideshow
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2011
WordPress image-gallery-with-slideshow plugin <= 1.5 Arbitrary file upload / SQL injection
The Wordpress image-gallery-with-slideshow plugin version 1.5 is vulnerable to arbitrary file upload and SQL injection. An attacker can exploit this vulnerability by sending a malicious file to the upload-file.php script, which is then uploaded to the server and stored in the database. The attacker can then use the SQL injection vulnerability to execute arbitrary SQL commands on the database.
Mitigation:
Upgrade to the latest version of the plugin.