CVE-2021-24465: Meow Gallery < 4.1.9 - Contributor+ SQL Injection
First published: Mon Oct 04 2021(Updated: )
The Meow Gallery WordPress plugin before 4.1.9 does not sanitise, validate or escape the ids attribute of its gallery shortcode (available for users as low as Contributor) before using it in an SQL statement, leading to an authenticated SQL Injection issue. The injection also allows the returned values to be manipulated in a way that could lead to data disclosure and arbitrary objects to be deserialized.
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Meow Gallery | <4.1.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2021-24465?
CVE-2021-24465 is an authenticated SQL injection vulnerability rated as high severity.
How do I fix CVE-2021-24465?
To fix CVE-2021-24465, update the Meow Gallery plugin to version 4.1.9 or later.
Who is affected by CVE-2021-24465?
CVE-2021-24465 affects WordPress users who have the Meow Gallery plugin installed prior to version 4.1.9.
What can an attacker do with CVE-2021-24465?
An attacker can exploit CVE-2021-24465 to execute arbitrary SQL queries on the database due to improper handling of user input.
What versions of the Meow Gallery plugin are vulnerable to CVE-2021-24465?
Versions of the Meow Gallery plugin before 4.1.9 are vulnerable to CVE-2021-24465.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/references
- agent/severity
- agent/title
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/meowapps
- canonical/meow gallery