VDB-230085 · CVE-2014-125101 · GCVE-100-230085

Portfolio Gallery Plugin har 1.1.8 ka WordPress SQL Injection

Wuro vulnerability wey an yi classify sey kura an gano shi a cikin Portfolio Gallery Plugin har 1.1.8 on WordPress. Gaskiya, $software_function na da matsala; idan ba a sani ba, to wata aiki ce da ba a sani ba, $software_library na cikin lissafi, $software_file na cikin fayil, $software_component na cikin sashi. Ngam manipulation shi SQL Injection. CWE shidin ka a yi bayani matsala sai ya kai CWE-89. Gaskiya, laifi an fitar da shi 09/19/2014 a matsayin 58ed88243e17df766036f4857041edaf358076d3. Advisory ɗin ana rabawa don saukewa a github.com. Wannan rauni ana sayar da shi da suna CVE-2014-125101. Ngam yiɗi ka a tuma ndiyam ka nder internet. Tekinikal bayani ba ga. Ba exploit ɗin da ake da shi. A sa'i, exploit might be approx. USD $0-$5k ndiyam. Á wúro a wondi feere. Kama 0-day, an ndiyam a wuro be $0-$5k. Patch ɗin sunan ganowa shine 58ed88243e17df766036f4857041edaf358076d3. Gyaran matsalar yana nan a shirye don saukewa a github.com. Ngamdi ka a yiɗi a ɗaɓɓita kompona wey ka a hokkata. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

2 Goyarwa · 46 Datenpunkte

Furɗe	Súgá 05/27/2023 09:58	Gargadi 1/1 06/21/2023 13:18
software_name	Portfolio Gallery Plugin	Portfolio Gallery Plugin
software_version	<=1.1.8	<=1.1.8
software_platform	WordPress	WordPress
vulnerability_cwe	CWE-89 (SQL Injection)	CWE-89 (SQL Injection)
vulnerability_risk	2	2
cvss3_vuldb_av	N	N
cvss3_vuldb_ac	L	L
cvss3_vuldb_ui	N	N
cvss3_vuldb_s	U	U
cvss3_vuldb_c	L	L
cvss3_vuldb_i	L	L
cvss3_vuldb_a	L	L
cvss3_vuldb_rl	O	O
cvss3_vuldb_rc	C	C
advisory_date	1411077600 (09/19/2014)	1411077600 (09/19/2014)
advisory_identifier	58ed88243e17df766036f4857041edaf358076d3	58ed88243e17df766036f4857041edaf358076d3
advisory_url	https://github.com/wp-plugins/portfolio-gallery/commit/58ed88243e17df766036f4857041edaf358076d3	https://github.com/wp-plugins/portfolio-gallery/commit/58ed88243e17df766036f4857041edaf358076d3
countermeasure_name	Gargajiya	Gargajiya
countermeasure_date	1411077600 (09/19/2014)	1411077600 (09/19/2014)
upgrade_version	1.1.9	1.1.9
patch_name	58ed88243e17df766036f4857041edaf358076d3	58ed88243e17df766036f4857041edaf358076d3
countermeasure_patch_url	https://github.com/wp-plugins/portfolio-gallery/commit/58ed88243e17df766036f4857041edaf358076d3	https://github.com/wp-plugins/portfolio-gallery/commit/58ed88243e17df766036f4857041edaf358076d3
countermeasure_advisoryquote	SQL Injection bag has fixed in Portfolio Gallery	SQL Injection bag has fixed in Portfolio Gallery
source_cve	CVE-2014-125101	CVE-2014-125101
cna_responsible	VulDB	VulDB
software_type	Photo Gallery Software	Photo Gallery Software
cvss2_vuldb_av	N	N
cvss2_vuldb_ac	L	L
cvss2_vuldb_ci	P	P
cvss2_vuldb_ii	P	P
cvss2_vuldb_ai	P	P
cvss2_vuldb_rc	C	C
cvss2_vuldb_rl	OF	OF
cvss2_vuldb_au	S	S
cvss2_vuldb_e	ND	ND
cvss3_vuldb_pr	L	L
cvss3_vuldb_e	X	X
cvss2_vuldb_basescore	6.5	6.5
cvss2_vuldb_tempscore	5.7	5.7
cvss3_vuldb_basescore	6.3	6.3
cvss3_vuldb_tempscore	6.0	6.0
cvss3_meta_basescore	6.3	6.3
cvss3_meta_tempscore	6.0	6.0
price_0day	$0-$5k	$0-$5k
cve_assigned		1685138400 (05/27/2023)
cve_nvd_summary		A vulnerability classified as critical has been found in Portfolio Gallery Plugin up to 1.1.8 on WordPress. This affects an unknown part. The manipulation leads to sql injection. It is possible to initiate the attack remotely. Upgrading to version 1.1.9 is able to address this issue. The name of the patch is 58ed88243e17df766036f4857041edaf358076d3. It is recommended to upgrade the affected component. The identifier VDB-230085 was assigned to this vulnerability.

◂ Gurɗo Gumti Gada ▸

Might our Artificial Intelligence support you?

Check our Alexa App!