vendor:
oQey Gallery plugin
by:
Miroslav Stampar
9
CVSS
HIGH
SQL Injection
89
CWE
Product Name: oQey Gallery plugin
Affected Version From: 2000.4.8
Affected Version To: 2000.4.8
Patch Exists: YES
Related CWE: N/A
CPE: oqey-gallery
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2011
WordPress oQey Gallery plugin <= 0.4.8 SQL Injection Vulnerability
The vulnerability exists due to insufficient sanitization of user-supplied input in 'gal_id' parameter of 'getimages.php' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in application's database. Successful exploitation of this vulnerability may allow an attacker to gain access to sensitive information from the database.
Mitigation:
Update to the latest version of the oQey Gallery plugin.