CVE-2022-0169

CVE-2022-0169: Photo Gallery by 10Web < 1.6.0 - Unauthenticated SQL Injection

Vendor Unknown

Product Photo Gallery by 10Web – Mobile-Friendly Image Gallery

Weakness CWE-89 · SQLi

Published March 14, 2022

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not validate and escape the bwg_tag_id_bwg_thumbnails_0 parameter before using it in a SQL statement via the bwg_frontend_data AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL injection

Key dates

02Disclosure timeline

March 14, 2022 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-0169

Related vulnerabilities

04Related CVE

CVE-2023-5315 Google Maps made Simple <= 0.6 - Authenticated (Subscriber+) SQL Injection via Shortcode CVE-2024-8561 SourceCodester PHP CRUD Delete Person delete.php sql injection CVE-2024-5395 itsourcecode Online Student Enrollment System listofinstructor.php sql injection CVE-2023-5155 SQLi in Utarit's Smart Deposit System CVE-2022-0739 BookingPress < 1.0.11 - Unauthenticated SQL Injection