NextGEN Gallery
cpe:2.3:a:imagely:nextgen_gallery:*:*:*:*:wordpress:*:*
- < 4.2.1
A SQL injection vulnerability has been identified in NextGEN Gallery versions prior to 4.2.1. It allows authenticated attackers holding the 'NextGEN Gallery overview' capability, typically assigned to administrators, to inject arbitrary SQL into the 'ORDER BY' clause through the 'orderby' parameter of the REST API endpoints '/imagely/v1/galleries' and '/imagely/v1/albums'. The root cause is a sanitization function in the data mapper layer that filters the value with a character blacklist rather than restricting it to a whitelist of permitted column names, so input that avoids the blacklisted characters reaches the query unchanged.
Exploitation of this vulnerability allows for authenticated SQL injection, where an attacker can manipulate SQL queries executed by the application. This could potentially lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations through the database.
Users are advised to upgrade to NextGEN Gallery version 4.2.1 or later.
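As an added illustration of the allow-list approach the advisory contrasts with the vulnerable blacklist (example code written for this page, not NextGEN Gallery's own; the column names and the `safe_orderby` function are assumptions):

```php
<?php
// Added example, not plugin code: validate a REST "orderby" value against an
// allow-list before it is placed in an ORDER BY clause. A character blacklist
// only rejects what it anticipates; an allow-list accepts only known columns,
// so nothing else can reach the query regardless of how it is written.

/**
 * Return "`column` DIRECTION" when $requested is exactly one allowed column,
 * optionally followed by ASC or DESC; otherwise return the caller's default.
 */
function safe_orderby(string $requested, array $allowed, string $default): string
{
    $parts  = preg_split('/\s+/', trim($requested));
    $column = strtolower($parts[0] ?? '');
    $dir    = strtoupper($parts[1] ?? 'ASC');

    // Reject anything that is not <allowed column> [ASC|DESC]; the value is
    // never escaped or cleaned, it is simply not used.
    if (count($parts) > 2
        || !in_array($column, $allowed, true)
        || !in_array($dir, ['ASC', 'DESC'], true)) {
        return $default;
    }
    // Both fragments are now drawn from fixed sets, so interpolation is safe.
    return '`' . $column . '` ' . $dir;
}

// Assumed column names for a galleries table (illustrative only).
$allowed_gallery_columns = ['gid', 'title', 'name', 'pageid'];
$default_order           = '`gid` ASC';

// Constructed sample inputs: the first three are accepted, the rest fall back.
$samples = ['title', 'name desc', 'gid ASC', 'title, name', 'title)', 'author'];
foreach ($samples as $value) {
    $fragment = safe_orderby($value, $allowed_gallery_columns, $default_order);
    printf("%-14s => SELECT * FROM galleries ORDER BY %s\n",
        var_export($value, true), $fragment);
}
// WordPress 6.2+ also provides the %i identifier placeholder in $wpdb->prepare(),
// which quotes the name but does not limit which column may be referenced; the
// allow-list check above remains the control that restricts it.
```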