Description
Unvalidated input in the Photo Gallery (10Web Photo Gallery) WordPress plugin, versions before 1.5.55, leads to SQL injection via the frontend/models/model.php bwg_search_x parameter.
Affected products
- Unknown / Photo Gallery by 10Web1.5.55 – 1.5.55
Exploits & proofs of concept
- nuclei10Web Photo Gallery < 1.5.55 - SQL Injectionby riteshs4hu