Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-1055


Vulnerability Score 7.5 7.5
CVE Id CVE-2015-1055
Last Modified 20 Jan 2015 08:59:05
Published 16 Jan 2015 10:59:05
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



SQL injection vulnerability in the Photo Gallery plugin 1.2.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the order_by parameter in a GalleryBox action to wp-admin/admin-ajax.php.

Vulnerable Systems


  • Web-dorado Photo Gallery 1.2.7


BID - 72015

FULLDISC - 20150112 Wordpress Photo Gallery 1.2.7 unauthenticated SQL injection

Last Updated: 27 May 2016 11:07:34