ZM Gallery 1 Plugin WordPress – Blind Injection

Homepage: https://wordpress.org/plugins/zm-gallery/ Description: Type user access: admin user. $_GET[‘order’] is escaped wrong. Attack with Blind Injection File / Code: Path: /wp-content/plugin/zm-gallery/zm-gallery-list.php Line: 126 if( isset($_GET[‘orderby’]) ) { $order = ‘ ORDER BY ‘ . esc_sql($_GET[‘orderby’]); if( isset($_GET[‘order’]) ) { $order .= ‘ ‘ . esc_sql($_GET[‘order’]); } } $table_name = $wpdb->prefix . ‘zm_gallery’; …