Vulnerability Description
A SQL injection vulnerability exists in the 10Web Photo Gallery plugin before 1.5.31 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via filemanager/model.php.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| 10Web | Photo Gallery | < 1.5.31 |
Related Weaknesses (CWE)
References
- https://fortiguard.com/zeroday/FG-VD-19-101Third Party Advisory
- https://plugins.trac.wordpress.org/changeset/2128378Patch
- https://wordpress.org/plugins/photo-gallery/#developersRelease Notes
- https://wpvulndb.com/vulnerabilities/9480Third Party Advisory
- https://fortiguard.com/zeroday/FG-VD-19-101Third Party Advisory
- https://plugins.trac.wordpress.org/changeset/2128378Patch
- https://wordpress.org/plugins/photo-gallery/#developersRelease Notes
- https://wpvulndb.com/vulnerabilities/9480Third Party Advisory
FAQ
What is CVE-2019-14313?
CVE-2019-14313 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A SQL injection vulnerability exists in the 10Web Photo Gallery plugin before 1.5.31 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL...
How severe is CVE-2019-14313?
CVE-2019-14313 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-14313?
Check the references section above for vendor advisories and patch information. Affected products include: 10Web Photo Gallery.