Vulnerability Description
A SQL injection vulnerability exists in the Imagely NextGEN Gallery plugin before 3.2.11 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via modules/nextgen_gallery_display/package.module.nextgen_gallery_display.php.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Imagely | Nextgen Gallery | < 3.2.10 |
Related Weaknesses (CWE)
References
- https://de.wordpress.org/plugins/nextgen-gallery/#developers
- https://wordpress.org/plugins/nextgen-gallery/#developersRelease Notes
- https://wpvulndb.com/vulnerabilities/9816Release NotesThird Party Advisory
- https://de.wordpress.org/plugins/nextgen-gallery/#developers
- https://wordpress.org/plugins/nextgen-gallery/#developersRelease Notes
- https://wpvulndb.com/vulnerabilities/9816Release NotesThird Party Advisory
FAQ
What is CVE-2019-14314?
CVE-2019-14314 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A SQL injection vulnerability exists in the Imagely NextGEN Gallery plugin before 3.2.11 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary...
How severe is CVE-2019-14314?
CVE-2019-14314 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-14314?
Check the references section above for vendor advisories and patch information. Affected products include: Imagely Nextgen Gallery.