CVE-2021-24139 Scanner

CVE-2021-24139 Scanner - SQL Injection vulnerability in 10Web Photo Gallery

Short Info

Level: Critical
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 8 days 23 hours
Scan only one: Domain, Subdomain, IPv4

The 10Web Photo Gallery plugin is used by WordPress website owners to create and manage image galleries seamlessly. This plugin is typically used by individuals or companies that manage photo-heavy blogs or websites, utilizing this tool to enhance visual appeal. It is designed to be user-friendly, providing a drag-and-drop interface for users to organize photos into galleries. Websites deploying 10Web Photo Gallery aim to improve audience engagement by providing visually enriched content. This plugin offers features like customizable views and various gallery layouts, which make it an invaluable tool for photographers, artists, and online portfolios. Plugins like these are integral to maintaining an interactive multimedia website experience.

SQL injection occurs when unvalidated input is executed as part of an SQL command, potentially compromising the database. Attackers exploit this vulnerability by inserting malicious SQL queries through the 'bwg_search_x' parameter in the frontend. The vulnerability is significant because it can allow unauthorized access to sensitive database contents. Victims of a successful exploit could face theft, alteration, or destruction of critical data. SQL injection ranks among the most severe vulnerability classes because of its potential impact on data integrity, confidentiality, and availability. If an attacker obtains admin access, that access could lead to further exploitation and a persistent threat inside the system.

The vulnerability lies in the handling of the 'bwg_search_x' parameter in the frontend/models/model.php file. Attackers can inject SQL commands through this parameter, causing the database to execute unintended commands. The vulnerable endpoint accepts HTTP requests that include the 'bwg_search_x' parameter. The vulnerability does not require any authentication, which increases the risk level. It can potentially be exploited with time-based attacks that extract data through logical flaws in the query. The root cause is insufficient input validation combined with SQL statements that are not prepared and so fail to sanitize input adequately.
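A site owner can check whether this parameter has been probed by reviewing web-server access logs. The following is an added example, not code from the original page, the scanner, or the plugin; it assumes combined-format access logs, treats any parameter whose name begins with `bwg_search_` as in scope, and uses generic SQL-injection indicators rather than this CVE's actual exploit string. The log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines (combined log format); addresses, paths and values are made up.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Feb/2021:10:01:02 +0000] "GET /gallery/?bwg_search_x=sunset+beach HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Feb/2021:10:01:09 +0000] "GET /gallery/?bwg_search_x=a%27%20AND%20SLEEP%285%29%23 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Feb/2021:10:01:15 +0000] "GET /gallery/?page=2&bwg_search_x=a%22%20UNION%20SELECT%201--%20 HTTP/1.1" 200 733',
    '198.51.100.7 - - [10/Feb/2021:10:02:00 +0000] "GET /blog/?s=select+a+union+rep HTTP/1.1" 200 901',
    'malformed line without a request',
]

# Client address and request target from one log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: the page names 'bwg_search_x'; any suffix after the prefix is accepted here.
PARAM_RE = re.compile(r'^bwg_search_', re.I)
# Generic SQL-injection indicators (heuristic): quotes, comment markers, common keywords.
SQLI_RE = re.compile(
    r"""['"`]|--|#|/\*|\b(?:union|select|sleep|benchmark|waitfor|information_schema)\b""",
    re.I,
)

def suspicious_requests(lines):
    """Return (client_ip, param, decoded_value) for flagged bwg_search_* values."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # skip lines that do not contain a parseable request
        ip, target = m.groups()
        query = urlsplit(target).query
        # parse_qsl percent-decodes names and values before they are inspected
        for name, value in parse_qsl(query, keep_blank_values=True):
            if PARAM_RE.match(name) and SQLI_RE.search(value):
                hits.append((ip, name, value))
    return hits

if __name__ == "__main__":
    for ip, name, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip}\t{name}\t{value!r}")
```

This only sees values carried in the URL, since request bodies are not recorded in a standard access log, and a legitimate search containing an apostrophe will also be flagged, so hits need manual review.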

If the vulnerability is exploited, unauthorized parties could gain access to sensitive data, leading to data theft or manipulation. Furthermore, the entire database might be compromised, causing severe disruption to services. Administrators could find themselves locked out of the system, allowing attackers to deploy further exploits. Compromised database systems could be used as a platform for further attacks against connected systems. The exploited system might also fall victim to data ransom demands or unauthorized data dissemination. In severe cases, the business operations that depend on the database might grind to a halt, leading to loss of business, customers, or reputation.
