Apptha Slider Gallery
- <= 1.0
A SQL injection vulnerability has been identified in the Apptha Slider Gallery WordPress plugin, version 1.0. This vulnerability allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious payloads through the 'albid' parameter. Exploitation of this vulnerability could lead to the extraction of sensitive database information, including user credentials and authentication hashes.
Exploitation of this vulnerability allows for arbitrary SQL execution, which could be used to manipulate the database or extract sensitive information such as user credentials and authentication hashes.
To reproduce this vulnerability, send a GET request to the WordPress site with the 'albid' parameter. Inject a crafted SQL payload that exploits the application's SQL query handling. The injected SQL can, for example, use a UNION SELECT to return data from the database, such as user login and password information.
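A detection check for the request pattern described above, as an added example that is not part of the original advisory or the plugin's code: it scans web access logs for 'albid' values that are not plain integers. It assumes 'albid' is meant to be a numeric album ID and that logs are in combined log format; the log lines, addresses and paths are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2024:10:00:01 +0000] "GET /?page_id=4&albid=3 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Mar/2024:10:00:07 +0000] "GET /?page_id=4&albid=3%20union%20select%20null HTTP/1.1" 200 7301 "-" "curl/8.0"
203.0.113.9 - - [10/Mar/2024:10:00:09 +0000] "GET /?page_id=4&albid=3%2520or%25201%253D1 HTTP/1.1" 200 5120 "-" "curl/8.0"
198.51.100.2 - - [10/Mar/2024:10:01:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2000 "-" "Mozilla/5.0"
"""

# Captures the client address and the request target from one log line.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*"')
MAX_DECODE_ROUNDS = 3  # peel nested URL-encoding without looping forever


def fully_decode(value):
    """Undo repeated URL-encoding so double-encoded values are inspected in clear form."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_albid_requests(log_text):
    """Return (client_ip, decoded_albid) for requests whose albid is not a plain integer."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        ip, target = m.groups()
        # parse_qs decodes once and keeps every occurrence of a repeated parameter.
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        for raw in params.get("albid", []):
            value = fully_decode(raw)
            # Assumption: a legitimate album ID is a short run of digits.
            if not re.fullmatch(r"\d{1,10}", value):
                hits.append((ip, value))
    return hits


if __name__ == "__main__":
    for ip, value in suspicious_albid_requests(SAMPLE_LOG):
        print(f"{ip} sent non-numeric albid: {value!r}")
```

The same allow-list rule (digits only) is the one to enforce server-side on 'albid' before it reaches any query.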