Published: 08/09/2019 Updated: 23/02/2023

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

SQL injection in the photo-gallery (10Web Photo Gallery) plugin prior to 1.5.35 for WordPress exists via the admin/controllers/Albumsgalleries.php album_id parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
10web photo gallery

# Exploit Title: WordPress Plugin Photo Gallery by 10Web <= 1534 - Blind SQL injection # inurl:"\wp-content\plugins\photo-gallery" # Date: 09-10-2019 # Exploit Author: MTK (mtk911cf/) # Vendor Homepage: 10webio/ # Software Link: downloadswordpressorg/plugin/photo-gallery1534zip # Version: Up to v1534 # Tested o ...

WordPress Photo Gallery plugin version 1534 suffers from a remote SQL injection vulnerability ...

Desarrollo del CTF EVM1

EVM1 Desarrollo del CTF EVM1 1 Configuración de la VM Download VM: wwwvulnhubcom/entry/evm-1,391/ La VM no funciona en VMWARE WORKSTATION (la interfaz de red no funciona) Solo funciona en VIRTUALBOX 2 Escaneo de Puertos Nmap 791 scan initiated Tue Apr 20 09:32:39 2021 as: nmap -n -P0 -p- -sS -sC -sV -vv -T5 -oA full 19216856103 Nmap scan report for 19

CWE-89 https://plugins.trac.wordpress.org/changeset/2150912/photo-gallery/trunk/admin/controllers/Albumsgalleries.php?old=1845136&old_path=photo-gallery%2Ftrunk%2Fadmin%2Fcontrollers%2FAlbumsgalleries.php https://wordpress.org/plugins/photo-gallery/#developers https://wpvulndb.com/vulnerabilities/9872 http://packetstormsecurity.com/files/154432/WordPress-Photo-Gallery-1.5.34-SQL-Injection.html https://nvd.nist.gov https://github.com/El-Palomo/EVM1 https://www.exploit-db.com/exploits/47371

CVE-2019-16119

Vulnerability Summary

Vulnerability Trend

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect