ThreatPress

WordPress Vulnerabilities Database

WordPress Huge IT Image Gallery Plugin 1.0.1 - Authenticated SQL Injection

Product
Huge IT Image Gallery
Description
An authenticated SQL injection allows an attacker to bypass a web application’s authentication mechanism and retrieve the contents of the database.
Solution
Upgrade the plugin.
Classification
Type SQL Injection
OWASP Top 10 A1: Injection
References
Exploit-DB
CVE
Name CVE-2014-7153
Versions
Affected In <= 1.0.1
Fixed In 1.0.2
Disclosure date
2014-09-02
Credits
Claudio Viviani