CVE-2019-16119

CRITICAL

10Web Photo Gallery <1.5.35 - SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-16119. PoCs published by MTK.

AI-analyzed exploit summary This exploit demonstrates a blind SQL injection vulnerability in the WordPress Photo Gallery plugin by 10Web. The vulnerability allows an attacker to inject SQL code via the 'album_id' parameter in an AJAX request, potentially leading to database information theft or manipulation.

Description

SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via the admin/controllers/Albumsgalleries.php album_id parameter.

Exploits (1)

exploitdb WORKING POC
by MTK · textwebappsphp
https://www.exploit-db.com/exploits/47371

This exploit demonstrates a blind SQL injection vulnerability in the WordPress Photo Gallery plugin by 10Web. The vulnerability allows an attacker to inject SQL code via the 'album_id' parameter in an AJAX request, potentially leading to database information theft or manipulation.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: WordPress Plugin Photo Gallery by 10Web <= 1.5.34
Auth required
Prerequisites: Access to WordPress admin panel · Valid nonce value
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Scores

CVSS v3 9.8
EPSS 0.2544
EPSS Percentile 97.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
10web/photo_gallery < 1.5.35
Published Sep 08, 2019
Tracked Since Feb 18, 2026