Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-0765— Gallery by BestWebSoft < 4.7.0 - Author+ SQL Injection

EPSS 0.50% · P66
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-0765

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Gallery by BestWebSoft < 4.7.0 - Author+ SQL Injection
Source: NVD (National Vulnerability Database)
Vulnerability Description
The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not properly escape values used in SQL queries, leading to an Blind SQL Injection vulnerability. The attacker must have at least the privileges of an Author, and the vendor's Slider plugin (https://wordpress.org/plugins/slider-bws/) must also be installed for this vulnerability to be exploitable.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
WordPress Plugin Gallery by BestWebSoft SQL注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress Plugin Gallery by BestWebSoft 4.7.0之前版本存在SQL注入漏洞,该漏洞源于无法正确转义 SQL 查询中使用的值,导致存在SQL注入漏洞。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
UnknownGallery by BestWebSoft 0 ~ 4.7.0 -

II. Public POCs for CVE-2023-0765

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2023-0765

登录查看更多情报信息。

Same Patch Batch · Unknown · 2023-04-17 · 15 CVEs total

CVE-2023-1473Responsive WordPress Slideshows 3.29.0 - Reflected XSS
CVE-2023-1371W4 Post List < 2.4.6 - Subscriber+ Password Protected Post Content Disclosure
CVE-2023-1413WP VR < 8.2.9 - Reflected XSS
CVE-2023-1331Redirection < 1.1.5 - Plugin Reset via CSRF
CVE-2023-1274Pricing Tables For WPBakery Page Builder < 3.0 - Subscriber+ LFI
CVE-2023-0367Pricing Tables For WPBakery Page Builder < 3.0 - Contributor+ Stored XSS
CVE-2023-1373W4 Post List < 2.4.6 - Reflected XSS
CVE-2023-0889TF Random Numbers < 2.0.1 - Subscriber+ Arbitrary Option Update
CVE-2023-1427Photo Gallery by 10Web < 1.8.15 - Admin+ Path Traversal
CVE-2023-1282Drag and Drop Multiple File Upload PRO - Reflected Cross-Site Scripting
CVE-2023-0277WC Fields Factory <= 4.1.5 - ShopManager+ SQLi
CVE-2023-1325Easy Forms for MailChimp < 6.8.7 - Contributor+ Stored XSS
CVE-2023-0764Gallery by BestWebSoft < 4.7.0 - Author+ Stored Cross-Site Scripting
CVE-2023-0374W4 Post List < 2.4.6 - Contributor+ Stored XSS

IV. Related Vulnerabilities

Same product: Gallery by BestWebSoft
Same vendor: Unknown

V. Comments for CVE-2023-0765

No comments yet

Leave a comment