CVE-2022-1281

Summary

The Photo Gallery WordPress plugin through 1.6.3 does not properly escape the $_POST['filter_tag'] parameter, which is appended to an SQL query, making SQL Injection attacks possible.

Affected Software

VendorProductVersion RangeStatus
UnknownPhoto Gallery by 10Web – Mobile-Friendly Image Gallery1.6.3 < 1.6.3*affected

Weaknesses

  • CWE-89: CWE-89 SQL Injection

ADP Enrichment

CVE Program Container

Additional References

References