Vulnerabilities > CVE-2021-24457 - Unspecified vulnerability in Ays-Pro Portfolio Responsive Gallery

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

ays-pro

NVD

Published: 2021-08-02

Updated: 2024-11-21

Summary

The get_portfolios() and get_portfolio_attributes() functions in the class-portfolio-responsive-gallery-list-table.php and class-portfolio-responsive-gallery-attributes-list-table.php files of the Portfolio Responsive Gallery WordPress plugin before 1.1.8 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard

Vulnerable Configurations

Part	Description	Count
Application	Ays-Pro AYS PRO Portfolio Responsive Gallery 1.0.1 AYS PRO Portfolio Responsive Gallery 1.0.2 AYS PRO Portfolio Responsive Gallery 1.0.3 AYS PRO Portfolio Responsive Gallery 1.0.4 AYS PRO Portfolio Responsive Gallery 1.0.5 AYS PRO Portfolio Responsive Gallery 1.0.6 AYS PRO Portfolio Responsive Gallery 1.0.7 AYS PRO Portfolio Responsive Gallery 1.0.8 AYS PRO Portfolio Responsive Gallery 1.0.9 AYS PRO Portfolio Responsive Gallery 1.1.0 AYS PRO Portfolio Responsive Gallery 1.1.1 AYS PRO Portfolio Responsive Gallery 1.1.2 AYS PRO Portfolio Responsive Gallery 1.1.3 AYS PRO Portfolio Responsive Gallery 1.1.4 AYS PRO Portfolio Responsive Gallery 1.1.5 AYS PRO Portfolio Responsive Gallery 1.1.6 AYS PRO Portfolio Responsive Gallery 1.1.7	17

Summary

Vulnerable Configurations

References