admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2021/24xxx/CVE-2021-24462.json

76 lines
2.0 KiB
JSON
Raw Normal View History

"-Synchronized-Data."
2021-01-14 16:02:56 +00:00
{
Adds WPScan CVEs
2021-08-02 09:07:08 +02:00
"CVE_data_meta": {
"ID": "CVE-2021-24462",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Photo Gallery by Ays - Responsive Image Gallery < 4.4.4 - Authenticated Blind SQL Injections"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Ays Pro",
"product": {
"product_data": [
{
"product_name": "Photo Gallery by Ays Responsive Image Gallery",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4.4.4",
"version_value": "4.4.4"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The get_gallery_categories() and get_galleries() functions in the Photo Gallery by Ays Responsive Image Gallery WordPress plugin before 4.4.4 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/e24dac6d-de48-42c1-bdde-4a45fb331376",
"name": "https://wpscan.com/vulnerability/e24dac6d-de48-42c1-bdde-4a45fb331376"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-89 SQL Injection",
"lang": "eng"
}
"-Synchronized-Data."
2021-01-14 16:02:56 +00:00
]
Adds WPScan CVEs
2021-08-02 09:07:08 +02:00
}
]
},
"credit": [
{
"lang": "eng",
"value": "To Quang Duong"
"-Synchronized-Data."
2021-01-14 16:02:56 +00:00
}
Adds WPScan CVEs
2021-08-02 09:07:08 +02:00
],
"source": {
"discovery": "UNKNOWN"
}
}
Reference in New Issue Copy Permalink