CVE-2024-55981

CRITICAL

Nabz Image Gallery <v1.00 - SQL Injection

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-55981. PoCs published by RandomRobbieBF.

AI-analyzed exploit summary: This repository provides a proof-of-concept for an unauthenticated SQL injection vulnerability in the Nabz Image Gallery WordPress plugin (v1.00). The PoC uses sqlmap to demonstrate time-based blind SQL injection via the 'id' parameter in the 'setimage.php' script.

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nabajit Roy Nabz Image Gallery nabz-image-gallery allows SQL Injection. This issue affects Nabz Image Gallery: from n/a through <= v1.00.

Exploits (1)

nomisec WORKING POC
by RandomRobbieBF · poc
https://github.com/RandomRobbieBF/CVE-2024-55981

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Nabz Image Gallery WordPress plugin <= v1.00
No auth needed
Prerequisites: Access to the vulnerable WordPress plugin endpoint
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 9.3
EPSS 0.0094
EPSS Percentile 56.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE CWE-89
Status published
Products (1)
Nabajit Roy/Nabz Image Gallery < v1.00
Published Dec 16, 2024
Tracked Since Feb 18, 2026