CVE-2015-5599

Published Aug 18, 2015

Last updated 5 years ago

Overview

Description: Multiple SQL injection vulnerabilities in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) albumid or (2) name parameter.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-89

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:powerplay_gallery_project:powerplay_gallery:3.3:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "084DC73A-34B1-43AA-802F-60EDA5BA2F65"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References