CVE Catalog

CVE-2017-20247

HighCVSS 8.2
Published: Updated: Translated: NVD NIST

Summary

The WordPress Plugin PICA Photo Gallery version 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries via the aid parameter. Attackers can send GET requests with crafted SQL payloads in the aid parameter to extract sensitive database information, including user credentials and table contents.

Risk Assessment

This vulnerability poses a serious risk to organizations as it allows attackers to access sensitive data, potentially leading to identity theft or other forms of abuse. If exploited, the organization may incur significant financial and reputational damage.

Recommendation

It is recommended to immediately update the PICA Photo Gallery plugin to the latest version that addresses this vulnerability. Additionally, conducting a security audit of the database to detect any unauthorized changes is advisable.

Original NVD description (English source)

WordPress Plugin PICA Photo Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid parameter. Attackers can send GET requests with crafted SQL payloads in the aid parameter to extract sensitive database information including user credentials and table contents.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS