CVE-2017-1002012 Information
Feb 14, 2021
cve
Description
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2 In image-gallery-with-slideshow/admin_setting.php the following snippet of code does not sanitize input via the gid variable before passing it into an SQL statement.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
http://www.vapidlabs.com/advisory.php?v=189 https://wordpress.org/plugins/image-gallery-with-slideshow/
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
9.8
Share on: