exploitDog

CVE-2017-14125

Опубликовано: 25 сент. 2017

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

SQL injection vulnerability in the Responsive Image Gallery plugin before 1.2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "id" parameter in an add_edit_theme task in the wpdevart_gallery_themes page to wp-admin/admin.php.

Ссылки

http://seclists.org/fulldisclosure/2017/Sep/55
Exploit
Mailing List
Third Party Advisory
https://wpvulndb.com/vulnerabilities/8907
VDB Entry
Vendor Advisory
http://seclists.org/fulldisclosure/2017/Sep/55
Exploit
Mailing List
Third Party Advisory
https://wpvulndb.com/vulnerabilities/8907
VDB Entry
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wpdevart:responsive_image_gallery_gallery_album:*:*:*:*:*:wordpress:*:*

Версия до 1.2.0 (включая)

EPSS

Процентиль: 83%

0.01872

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-c2x2-f855-x3hh

CVSS3: 9.8

github

больше 3 лет назад

SQL injection vulnerability in the Responsive Image Gallery plugin before 1.2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "id" parameter in an add_edit_theme task in the wpdevart_gallery_themes page to wp-admin/admin.php.

EPSS

Процентиль: 83%

0.01872

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89