CVE-2019-16119: SQL Injection
First published: Sun Sep 08 2019(Updated: )
SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via the admin/controllers/Albumsgalleries.php album_id parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| 10web Photo Gallery | <1.5.35 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://packetstormsecurity.com/files/154432/WordPress-Photo-Gallery-1.5.34-SQL-Injection.html
- https://plugins.trac.wordpress.org/changeset/2150912/photo-gallery/trunk/admin/controllers/Albumsgalleries.php?old=1845136&old_path=photo-gallery%2Ftrunk%2Fadmin%2Fcontrollers%2FAlbumsgalleries.php
- https://wordpress.org/plugins/photo-gallery/#developers
- https://wpvulndb.com/vulnerabilities/9872
Frequently Asked Questions
What is CVE-2019-16119?
CVE-2019-16119 is a SQL injection vulnerability in the photo-gallery (10Web Photo Gallery) plugin before version 1.5.35 for WordPress.
How severe is CVE-2019-16119?
CVE-2019-16119 has a severity rating of 9.8 (critical).
How does the SQL injection occur in CVE-2019-16119?
SQL injection in CVE-2019-16119 occurs via the admin/controllers/Albumsgalleries.php album_id parameter in the photo-gallery plugin.
What software is affected by CVE-2019-16119?
The photo-gallery (10Web Photo Gallery) plugin before version 1.5.35 for WordPress is affected by CVE-2019-16119.
How can I fix CVE-2019-16119?
To fix CVE-2019-16119, update the photo-gallery plugin to version 1.5.35 or later.
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/tags
- agent/weakness
- agent/event
- agent/description
- agent/type
- agent/remedy
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/10web
- canonical/10web photo gallery