Description
SQL injection vulnerability in the Gallery Objects plugin 0.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the viewid parameter in a go_view_object action to wp-admin/admin-ajax.php.
Core References
Exploit, x_refsource_misc: http://packetstormsecurity.com/files/127533/WordPress-Gallery-Objects-0.4-SQL-Injection.html
Exploit, x_refsource_misc: http://www.homelab.it/index.php/2014/07/18/wordpress-gallery-objects-0-4-sql-injection/#sthash.ftMVwBVK.dpbs
Exploit, vdb-entry, x_refsource_bid: http://www.securityfocus.com/bid/68791
Scores
EPSS: 0.0118
EPSS Percentile: 78.8%
Details
CWE: CWE-89
Status: published
Products (1): gallery_objects_project/gallery_objects 0.4
Published: Aug 12, 2014
Tracked Since: Feb 18, 2026