Vulnerability Description
NextGEN Gallery version prior to 4.2.1 are vulnerable to authenticated SQL injection via the 'orderby' parameter on the REST API endpoints '/imagely/v1/galleries' and '/imagely/v1/albums'. The root cause is an insufficient sanitization function ('_clean_column()') in the data mapper layer that uses a character blacklist instead of a whitelist approach. This allows an authenticated attacker with the 'NextGEN Gallery overview' capability (assigned to the Administrator role by default) to inject arbitrary SQL into the 'ORDER BY' clause.
Related Weaknesses (CWE)
References
FAQ
What is CVE-2026-9059?
CVE-2026-9059 is a documented vulnerability. NextGEN Gallery version prior to 4.2.1 are vulnerable to authenticated SQL injection via the 'orderby' parameter on the REST API endpoints '/imagely/v1/galleries' and '/imagely/v1/albums'. The root...
How severe is CVE-2026-9059?
CVSS scoring is not yet available for CVE-2026-9059. Check NVD for updates.
Is there a patch for CVE-2026-9059?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.