ThreatPress

WordPress Vulnerabilities Database


WordPress Apptha Video Gallery Plugin <= 2.5 - Multiple SQL Injection

Product
Apptha Video Gallery
Description
These vulnerabilities allow attackers to execute arbitrary SQL commands via the "videoId" parameter in the newvideo page to wp-admin/admin.php, the "vid" parameter in a myextract action to wp-admin/admin-ajax.php, or the "playlistId" parameter in the newplaylist page.
Solution
Update the plugin.
Classification
Type: SQL Injection
OWASP Top 10: A1: Injection
References
CVE Mitre
CVE
Name: CVE-2014-9097
Versions
Affected In: <= 2.5
Fixed In: 2.6
Disclosure date
2014-11-26
Credits
Claudio Viviani