CVE Catalog

CVE-2026-9059

Critical
Published: Translated: NVD NIST

Summary

NextGEN Gallery versions prior to 4.2.1 are vulnerable to authenticated SQL injection via the 'orderby' parameter on the REST API endpoints '/imagely/v1/galleries' and '/imagely/v1/albums'. The issue stems from an insufficient sanitization function in the data mapper layer.

Risk Assessment

An attacker with the appropriate permissions can inject arbitrary SQL, potentially leading to unauthorized access or modification of data. This poses a serious threat to the integrity and confidentiality of data within the system.

Recommendation

It is recommended to update NextGEN Gallery to version 4.2.1 or later to mitigate this vulnerability. Additionally, conducting a security audit of the application is advisable to identify other potential weaknesses.

Original NVD description (English source)

NextGEN Gallery version prior to 4.2.1 are vulnerable to authenticated SQL injection via the 'orderby' parameter on the REST API endpoints '/imagely/v1/galleries' and '/imagely/v1/albums'. The root cause is an insufficient sanitization function ('_clean_column()') in the data mapper layer that uses a character blacklist instead of a whitelist approach. This allows an authenticated attacker with the 'NextGEN Gallery overview' capability (assigned to the Administrator role by default) to inject arbitrary SQL into the 'ORDER BY' clause.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS