CVE-2019-14313: Changeset 2128378 – WordPress Plugin Repository
A SQL injection vulnerability exists in the 10Web Photo Gallery plugin for WordPress before 1.5.31. Successful exploitation would allow a remote attacker to execute arbitrary SQL commands on the affected system via filemanager/model.php. This changeset (r2128378) is the fix: in filemanager/model.php the `orderby` and `order` values read from `$params` are now constrained to a fixed set (`size`, `name` or `date_modified`, and `asc` or `desc`) before they are used to build the query against the `bwg_file_paths` table.
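The pattern behind this class of bug, as an added illustration that is not the plugin's code and not taken from the changeset: a sort column and direction pasted into the SQL text cannot be protected by a `$wpdb->prepare()` placeholder (placeholders emit quoted values, so `ORDER BY %s` would yield `ORDER BY 'name'`, a constant), which is why the fix above goes the whitelist route. The function names, the `$table` value and the two request arrays below are constructed for this example; the hardened version goes slightly beyond the patch by doing a strict string lookup instead of loose `!=` comparisons.

```php
<?php
// Added illustration (not the plugin's code, not from the changeset page):
// why a sort column and direction cannot be protected by a query
// placeholder, and the whitelist shape used by the r2128378 fix.
// Function names, the $table value and the inputs below are constructed
// for this example; the plugin's real query is in filemanager/model.php
// and is not reproduced here.

/**
 * Vulnerable shape: whatever arrives in $params['orderby'] / ['order']
 * becomes part of the SQL text. Backticks do not help, because the
 * attacker simply closes them.
 */
function build_file_query_unsafe(array $params, string $table): string
{
    $orderby = $params['orderby'];
    $order   = $params['order'];
    return "SELECT * FROM `{$table}` ORDER BY `{$orderby}` {$order}";
}

/**
 * Hardened shape: the caller's value is used only as a lookup key; the
 * SQL fragment that reaches the query is always one of our own literals.
 * The checks are strict, so arrays, nulls and numeric-looking strings all
 * fall through to the default instead of being coerced into a match.
 */
function build_file_query_safe(array $params, string $table): string
{
    static $allowed_columns = array(
        'size'          => '`size`',
        'name'          => '`name`',
        'date_modified' => '`date_modified`',
    );

    $orderby_key = isset($params['orderby']) ? $params['orderby'] : null;
    $orderby_sql = (is_string($orderby_key) && isset($allowed_columns[$orderby_key]))
        ? $allowed_columns[$orderby_key]
        : $allowed_columns['date_modified'];

    // Only the exact string 'asc' flips the direction; anything else sorts descending.
    $order_sql = (isset($params['order']) && $params['order'] === 'asc') ? 'ASC' : 'DESC';

    return "SELECT * FROM `{$table}` ORDER BY {$orderby_sql} {$order_sql}";
}

// Constructed inputs: a benign request and one that injects into ORDER BY.
$table   = 'wp_bwg_file_paths';
$benign  = array('orderby' => 'name', 'order' => 'asc');
$hostile = array('orderby' => 'name`, (SELECT 1) -- ', 'order' => 'asc');

foreach (array('benign' => $benign, 'hostile' => $hostile) as $label => $params) {
    echo "[$label] unsafe: " . build_file_query_unsafe($params, $table) . "\n";
    echo "[$label] safe:   " . build_file_query_safe($params, $table) . "\n";
}
```

Run with `php example.php`: for the hostile input the unsafe builder emits `ORDER BY \`name\`, (SELECT 1) -- \` asc`, i.e. the injected fragment is live SQL, while the safe builder falls back to `ORDER BY \`date_modified\` ASC`. The value of the lookup-table approach over the chained `!=` checks in the patch is that user input never reaches the query text at all, only a key into a map of literals that the code owns.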
Timestamp:
07/25/2019 09:33:24 AM
webdorado
Message:
Fixed: security issue
Location:
photo-gallery/trunk
Files:
- filemanager/model.php (2 diffs)
- photo-gallery.php (2 diffs)
- readme.txt (2 diffs)
photo-gallery/trunk/filemanager/model.php
r2087021
r2128378
50
50
$orderby = $params\['orderby'\];
51
51
$order = $params\['order'\];
52
if ( $orderby != 'size' && $orderby != 'name' ) {
53
$orderby = 'date\_modified';
54
}
55
if ( $order != 'asc' ) {
56
$order = 'desc';
57
}
52
58
$search = $params\['search'\];
53
59
$page\_num = $params\['page\_num'\];
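Review bot: the guard on new lines 52-57 hard-codes the allowed values inline and the identical block is repeated further down in the same file (new lines 157-162); pull the whitelist into one helper, e.g. `$allowed_orderby = array('size', 'name', 'date_modified');` checked with `in_array($orderby, $allowed_orderby, true)`, so the two sites cannot drift and the strict-string intent is explicit. The loose `!=` comparisons happen to reject arrays and nulls today, but they do not document that requirement. Whitelisting is the right approach for this input, since `$wpdb->prepare()` placeholders emit quoted values and cannot carry a column name or an ASC/DESC keyword. Note also that `$search` and `$page_num` on new lines 58-59 are still read straight from `$params` with no check in this hunk; confirm they are integer-cast or passed through `prepare()` where the query is assembled.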
…
…
149
155
$orderby = $params\['orderby'\];
150
156
$order = $params\['order'\];
157
if ( $orderby != 'size' && $orderby != 'name' ) {
158
$orderby = 'date\_modified';
159
}
160
if ( $order != 'asc' ) {
161
$order = 'desc';
162
}
151
163
152
164
$query = ' SELECT \* FROM \`' . $wpdb->prefix . 'bwg\_file\_paths\`';
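Review bot: new lines 157-162 are a byte-for-byte copy of the guard added at 52-57; a second copy is exactly what gets missed when the sortable columns change, so have both call sites share one function that returns the validated `$orderby`/`$order` pair. The `$query = ' SELECT * FROM \`' . $wpdb->prefix . 'bwg_file_paths\`'` line at 164 shows the statement is assembled by string concatenation; with `$orderby` and `$order` now confined to fixed tokens that is acceptable for the ORDER BY clause, but every other value appended to this string (`$search`, `$page_num` from the earlier hunk) must go through `$wpdb->prepare()` or an integer cast, and this hunk does not show that.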
photo-gallery/trunk/photo-gallery.php
r2120867
r2128378
4
4
\* Plugin URI: https://10web.io/plugins/wordpress-photo-gallery/?utm\_source=photo\_gallery&utm\_medium=free\_plugin
5
5
\* Description: This plugin is a fully responsive gallery plugin with advanced functionality. It allows having different image galleries for your posts and pages. You can create unlimited number of galleries, combine them into albums, and provide descriptions and tags.
6
\* Version: 1.5.30
6
\* Version: 1.5.31
7
7
\* Author: Photo Gallery Team
8
8
\* Author URI: https://10web.io/plugins/?utm\_source=photo\_gallery&utm\_medium=free\_plugin
…
…
85
85
$this->plugin\_url = plugins\_url(plugin\_basename(dirname(\_\_FILE\_\_)));
86
86
$this->main\_file = plugin\_basename(\_\_FILE\_\_);
87
$this->plugin\_version = '1.5.30';
88
$this->db\_version = '1.5.30';
87
$this->plugin\_version = '1.5.31';
88
$this->db\_version = '1.5.31';
89
89
$this->prefix = 'bwg';
90
90
$this->nicename = \_\_('Photo Gallery', $this->prefix);
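Review bot: `$this->db_version` on line 88 is bumped to 1.5.31 together with `plugin_version`, yet nothing in this changeset touches a table definition (only filemanager/model.php, photo-gallery.php and readme.txt change). If the plugin keys a schema-upgrade routine on `db_version`, this runs it on every site for a release that needs no schema change; leave `db_version` at 1.5.30 unless that upgrade path is intentionally a no-op, or bump it only when the DB layout actually changes.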
photo-gallery/trunk/readme.txt
r2120867
r2128378
4
4
Requires at least: 3.4
5
5
Tested up to: 5.2
6
Stable tag: 1.5.30
6
Stable tag: 1.5.31
7
7
License: GPLv2 or later
8
8
License URI: http://www.gnu.org/licenses/gpl-2.0.html
…
…
282
282
283
283
\== Changelog ==
284
285
\= 1.5.31 =
286
\* Fixed: Vulnerability.
284
287
285
288
\= 1.5.30 =
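Review bot: the changelog entry `* Fixed: Vulnerability.` on new line 286 gives a site owner nothing to act on; state the class and location, e.g. `* Fixed: SQL injection in the file manager (filemanager/model.php) via the orderby/order parameters.`, and reference CVE-2019-14313 so that administrators and scanners can tie the advisory to 1.5.31. The commit message `Fixed: security issue` has the same problem and should at least name the affected component.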