The Photo Gallery WordPress plugin up to and including 1.6.3 does not properly escape the $_POST['filter_tag'] parameter, which is appended to an SQL query, making SQL Injection attacks possible.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
10web photo gallery |