VDB-230085 · CVE-2014-125101 · GCVE-100-230085

Portfolio Gallery Plugin ଯେପର୍ଯ୍ୟନ୍ତ 1.1.8 ଅନ୍ WordPress SQL ଇଞ୍ଜେକ୍ସନ

Rakkoon nageenyaa kan ଜଟିଳ jedhamuun beekamu Portfolio Gallery Plugin ଯେପର୍ଯ୍ୟନ୍ତ 1.1.8 irratti WordPress keessatti argameera. Kan miidhamte is hojii hin beekamne. Hojii jijjiirraa gara SQL ଇଞ୍ଜେକ୍ସନ geessa. CWE fayyadamuun rakkoo ibsuun gara CWE-89 geessa. Dadhabbii kana yeroo 09/19/2014 maxxanfameera akka 58ed88243e17df766036f4857041edaf358076d3. Odeeffannoon kun buufachuuf github.com irratti qoodameera. Dogoggorri kun akka CVE-2014-125101tti beekama. Yaaliin weeraraa fageenya irraa jalqabamuu ni danda'a. Faayidaaleen teeknikaa hin jiru. Meeshaa balaa kana fayyadamuuf hin jiru. Amma, gatii ammee exploit might be approx. USD $0-$5k ta'uu danda'a. Akka ଅପରିଭାଷିତ jedhamee ibsameera. Akka 0-daytti, gatii daldalaa dhoksaa tilmaamame $0-$5k ta'ee ture. Beekamtii paachii kanaa 58ed88243e17df766036f4857041edaf358076d3 dha. Sirreeffamni rakkoo github.com irratti buufachuuf qophaa’eera. Qabiyyee miidhamte fooyyessuuf gorsa ni kennama. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

2 ଆଡାପ୍ଟେସନ୍ · 46 ପଏଣ୍ଟ

ଫିଲ୍ଡ	ସୃଷ୍ଟି ହୋଇଛି 05/27/2023 09:58 AM	ଅଦ୍ୟତନ 1/1 06/21/2023 01:18 PM
software_name	Portfolio Gallery Plugin	Portfolio Gallery Plugin
software_version	<=1.1.8	<=1.1.8
software_platform	WordPress	WordPress
vulnerability_cwe	CWE-89 (SQL ଇଞ୍ଜେକ୍ସନ)	CWE-89 (SQL ଇଞ୍ଜେକ୍ସନ)
vulnerability_risk	2	2
cvss3_vuldb_av	N	N
cvss3_vuldb_ac	L	L
cvss3_vuldb_ui	N	N
cvss3_vuldb_s	U	U
cvss3_vuldb_c	L	L
cvss3_vuldb_i	L	L
cvss3_vuldb_a	L	L
cvss3_vuldb_rl	O	O
cvss3_vuldb_rc	C	C
advisory_date	1411077600 (09/19/2014)	1411077600 (09/19/2014)
advisory_identifier	58ed88243e17df766036f4857041edaf358076d3	58ed88243e17df766036f4857041edaf358076d3
advisory_url	https://github.com/wp-plugins/portfolio-gallery/commit/58ed88243e17df766036f4857041edaf358076d3	https://github.com/wp-plugins/portfolio-gallery/commit/58ed88243e17df766036f4857041edaf358076d3
countermeasure_name	ଅପଗ୍ରେଡ୍ କରନ୍ତୁ	ଅପଗ୍ରେଡ୍ କରନ୍ତୁ
countermeasure_date	1411077600 (09/19/2014)	1411077600 (09/19/2014)
upgrade_version	1.1.9	1.1.9
patch_name	58ed88243e17df766036f4857041edaf358076d3	58ed88243e17df766036f4857041edaf358076d3
countermeasure_patch_url	https://github.com/wp-plugins/portfolio-gallery/commit/58ed88243e17df766036f4857041edaf358076d3	https://github.com/wp-plugins/portfolio-gallery/commit/58ed88243e17df766036f4857041edaf358076d3
countermeasure_advisoryquote	SQL Injection bag has fixed in Portfolio Gallery	SQL Injection bag has fixed in Portfolio Gallery
source_cve	CVE-2014-125101	CVE-2014-125101
cna_responsible	VulDB	VulDB
software_type	Photo Gallery Software	Photo Gallery Software
cvss2_vuldb_av	N	N
cvss2_vuldb_ac	L	L
cvss2_vuldb_ci	P	P
cvss2_vuldb_ii	P	P
cvss2_vuldb_ai	P	P
cvss2_vuldb_rc	C	C
cvss2_vuldb_rl	OF	OF
cvss2_vuldb_au	S	S
cvss2_vuldb_e	ND	ND
cvss3_vuldb_pr	L	L
cvss3_vuldb_e	X	X
cvss2_vuldb_basescore	6.5	6.5
cvss2_vuldb_tempscore	5.7	5.7
cvss3_vuldb_basescore	6.3	6.3
cvss3_vuldb_tempscore	6.0	6.0
cvss3_meta_basescore	6.3	6.3
cvss3_meta_tempscore	6.0	6.0
price_0day	$0-$5k	$0-$5k
cve_assigned		1685138400 (05/27/2023)
cve_nvd_summary		A vulnerability classified as critical has been found in Portfolio Gallery Plugin up to 1.1.8 on WordPress. This affects an unknown part. The manipulation leads to sql injection. It is possible to initiate the attack remotely. Upgrading to version 1.1.9 is able to address this issue. The name of the patch is 58ed88243e17df766036f4857041edaf358076d3. It is recommended to upgrade the affected component. The identifier VDB-230085 was assigned to this vulnerability.

◂ ପଛକୁ ସମୀକ୍ଷା ଆହୁରି ଦୂରରେ ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!