Posted by Brandon Perry on Jan 12
WordPress Photo Gallery Unauthenticated SQL injection
Version 1.2.7, and likely earlier versions, of the Photo Gallery plugin (almost
500,000 downloads to date) is vulnerable to unauthenticated boolean-based and
time-based blind SQL injection.
Vulnerable version:
https://downloads.wordpress.org/plugin/photo-gallery.1.2.7.zip
In the following GET request, the order_by parameter specifically is the
vulnerable one.
GET…
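A user-controlled order_by value is an identifier position in the query, which query parameters cannot protect; the fix is an allowlist of column names and sort directions. The following is an added example (not the plugin's code or the advisory's) showing that pattern against a constructed SQLite table; the gallery table, its rows, and the column names are assumptions for the demo.

```python
"""Allowlisting a user-controlled order_by value (added example, not the plugin's code).
An ORDER BY column is an identifier, not a value, so parameter binding alone
cannot fix it; accept only known column names and sort directions instead.
The gallery table and its rows are constructed for the demo."""
import sqlite3

ALLOWED_COLUMNS = {"id", "name", "date"}   # the only sort keys a request may ask for
ALLOWED_DIRECTIONS = {"asc", "desc"}

def build_order_by(order_by, order="asc"):
    """Return an 'ORDER BY <col> <dir>' fragment or raise ValueError.
    The fragment is assembled from allowlisted constants, so no byte of the
    request string reaches the SQL text."""
    col = order_by.strip().lower()
    direction = order.strip().lower()
    if col not in ALLOWED_COLUMNS:
        raise ValueError("order_by not allowed: %r" % order_by)
    if direction not in ALLOWED_DIRECTIONS:
        raise ValueError("order not allowed: %r" % order)
    # Quoted identifier (SQLite and standard SQL use "..."; MySQL uses backticks).
    return 'ORDER BY "%s" %s' % (col, direction.upper())

def is_allowed(order_by, order="asc"):
    """True if the pair passes the allowlist, False otherwise."""
    try:
        build_order_by(order_by, order)
        return True
    except ValueError:
        return False

def fetch_names(conn, order_by, order="asc"):
    """Run the sorted query; rejected input never reaches execute()."""
    sql = "SELECT name FROM gallery " + build_order_by(order_by, order)
    return [row[0] for row in conn.execute(sql)]

def bound_identifier_is_a_value(conn):
    """Why binding alone does not help: a bound 'name' is the literal string
    'name' on every row, not the contents of the name column."""
    return [row[0] for row in conn.execute("SELECT ? FROM gallery", ("name",))]

def demo_connection():
    """In-memory table with constructed rows, inserted in unsorted order."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE gallery (id INTEGER, name TEXT, date TEXT)")
    conn.executemany("INSERT INTO gallery VALUES (?, ?, ?)",
                     [(2, "beach", "2014-01-02"), (1, "alps", "2014-03-01"),
                      (3, "city", "2013-12-31")])
    return conn
```

In a WordPress plugin the same allowlist check belongs before the value is concatenated into the `$wpdb` query, since `$wpdb->prepare()` placeholders bind values, not column names.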