CVE-2019-14313
Description
A SQL injection vulnerability exists in the 10Web Photo Gallery plugin before 1.5.31 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via filemanager/model.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
SQL injection in 10Web Photo Gallery plugin for WordPress before 1.5.31 allows remote attackers to execute arbitrary SQL commands via filemanager/model.php.
Vulnerability
A SQL injection vulnerability exists in the 10Web Photo Gallery plugin for WordPress versions before 1.5.31. The flaw resides in the filemanager/model.php file, where unsanitized user input is passed to SQL queries, allowing an attacker to inject arbitrary SQL commands. The plugin is widely used for creating mobile-friendly image galleries. [1]
Exploitation
An attacker can exploit this vulnerability remotely without authentication by sending a crafted HTTP request to the vulnerable endpoint. The attack requires no special privileges or user interaction, as the vulnerable code path is reachable through the file manager functionality. The attacker simply needs to manipulate input parameters to inject SQL statements.
Impact
Successful exploitation allows a remote attacker to execute arbitrary SQL commands on the WordPress database. This can lead to unauthorized access to sensitive data, including user credentials, posts, and configuration information. The attacker could also modify or delete database content, potentially compromising the entire WordPress installation.
Mitigation
The vulnerability is fixed in version 1.5.31 of the Photo Gallery plugin. Users should update to this version or later immediately. The plugin's developer, 10Web, has released the fix. As of the publication date (2019-07-30), no workarounds are documented. The plugin is actively maintained, and the latest version (1.8.41 as of the reference) includes the fix. [1]
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- 10Web/Photo Gallery plugin
Patches
No patches discovered yet.
References
- fortiguard.com/zeroday/FG-VD-19-101 (mitre, x_refsource_MISC)
- plugins.trac.wordpress.org/changeset/2128378 (mitre, x_refsource_CONFIRM)
- wordpress.org/plugins/photo-gallery/ (mitre, x_refsource_CONFIRM)
- wpvulndb.com/vulnerabilities/9480 (mitre, x_refsource_MISC)