|
Description
|
|
A security issue and a vulnerability have been discovered in the Image Gallery with Slideshow plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks and compromise a vulnerable system.
1) Input passed via the filename when uploading a file through a webform is not properly sanitised in wp-content/plugins/image-gallery-with-slideshow/upload-file.php before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled.
2) The security issue is caused due to missing access restrictions to the wp-content/plugins/image-gallery-with-slideshow/upload-file.php script. This can be exploited to upload arbitrary files to the "wp-content/plugins/image-gallery-with-slideshow/uploads/original" folder inside the webroot and e.g. execute arbitrary PHP code.
The vulnerabilities are confirmed in version 1.5. Other versions may also be affected.
|
