|
Description
|
|
Multiple vulnerabilities have been discovered in the GRAND Flash Album Gallery plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose sensitive information, and conduct SQL injection attacks.
1) Input passed via the "want2Read" parameter to wp-content/plugins/flash-album-gallery/admin/news.php is not properly verified before being used to read files. This can be exploited to read arbitrary files from local resources via directory traversal sequences.
This vulnerability is confirmed in versions 0.58pl1, 1.56, and 1.57. Other versions may also be affected.
2) Input passed via the "pid" parameter to wp-content/plugins/flash-album-gallery/lib/hitcounter.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
This vulnerability is confirmed in version 0.58pl1. Other versions may also be affected.
3) Input passed to the "i" parameter in wp-content/plugins/flash-album-gallery/facebook.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
This vulnerability is confirmed in version 1.56. Prior versions may also be affected.
|
