CVE-2021-24462
N/A
N/A
Summary
The get_gallery_categories() and get_galleries() functions in the Photo Gallery by Ays – Responsive Image Gallery WordPress plugin before 4.4.4 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Ays Pro | Photo Gallery by Ays – Responsive Image Gallery | 4.4.4 < 4.4.4 | affected |
Weaknesses
- CWE-89: CWE-89 SQL Injection
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.