Lucene search
WPScanCVELIST:CVE-2021-24457HistoryAug 02, 2021 - 10:32 a.m.
CVE-2021-24457 Portfolio Responsive Gallery < 1.1.8 - Authenticated Blind SQL Injections
2021-08-0210:32:03
CWE-89
WPScan
www.cve.org
3
cve-2021-24457
portfolio responsive gallery
authenticated blind sql injections
sql injection
wordpress plugin
admin dashboard
EPSS
0.001
Percentile
36.7%
The get_portfolios() and get_portfolio_attributes() functions in the class-portfolio-responsive-gallery-list-table.php and class-portfolio-responsive-gallery-attributes-list-table.php files of the Portfolio Responsive Gallery WordPress plugin before 1.1.8 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard
CNA Affected
[
{
"product": "Portfolio Responsive Gallery",
"vendor": "Ays Pro",
"versions": [
{
"lessThan": "1.1.8",
"status": "affected",
"version": "1.1.8",
"versionType": "custom"
}
]
}
]Related
wpvulndb
wpvulndb
Portfolio Responsive Gallery < 1.1.8 - Authenticated Blind SQL Injections
2021-06-29 00:00:00
nvd
nvd
CVE-2021-24457
2021-08-02 11:15:09
prion
prion
Sql injection
2021-08-02 11:15:00
cve
cve
CVE-2021-24457
2021-08-02 11:15:09
patchstack
patchstack
wpexploit
wpexploit
Portfolio Responsive Gallery < 1.1.8 - Authenticated Blind SQL Injections
2021-06-29 00:00:00