CVE-2015-2065

Apptha Wordpress Video Gallery < 2.7 - SQL Injection

Title source: rule

Description

SQL injection vulnerability in videogalleryrss.php in the Apptha WordPress Video Gallery (contus-video-gallery) plugin before 2.8 for WordPress allows remote attackers to execute arbitrary SQL commands via the vid parameter in a rss action to wp-admin/admin-ajax.php.

Exploits (2)

exploitdb WORKING POC

by Claudio Viviani · textwebappsphp

https://www.exploit-db.com/exploits/36058

View Code ZIP pw:eip

metasploit SCANNER

by Claudio Viviani, bperry · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/wp_contus_video_gallery_sqli.rb

View Code ZIP pw:eip

References (5)

[Exploit] http://packetstormsecurity.com/files/130371/WordPress-Video-Gallery-2.7-SQL-Injection.html

[Exploit] http://www.exploit-db.com/exploits/36058

[Third Party Advisory, VDB Entry] http://www.osvdb.org/118419

[Product] https://wordpress.org/plugins/contus-video-gallery/changelog/

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/74882

Scores

EPSS 0.8094

EPSS Percentile 99.2%

Details

CWE

CWE-89

Status published

Products (1)

apptha/wordpress_video_gallery < 2.7

Published Feb 24, 2015

Tracked Since Feb 18, 2026