Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-1055

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2015-1055
Last Modified 20 Jan 2015 08:59:05
Published 16 Jan 2015 10:59:05
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2015-1055

Summary

SQL injection vulnerability in the Photo Gallery plugin 1.2.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the order_by parameter in a GalleryBox action to wp-admin/admin-ajax.php.

Vulnerable Systems

Application

  • Web-dorado Photo Gallery 1.2.7


References

BID - 72015

FULLDISC - 20150112 Wordpress Photo Gallery 1.2.7 unauthenticated SQL injection


Last Updated: 27 May 2016 11:07:34