Exploit for WordPress zm-gallery plugin 1.0 SQL Injection (CVE-2016-10940)

Description:

zm-gallery plugin 1.0 for WordPress is susceptible to SQL injection via the order parameter.

Nuclei Template

View the template here: CVE-2016-10940.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2016/CVE-2016-10940.yaml

References:

https://lenonleite.com.br/en/2016/12/16/zm-gallery-1-plugin-wordpress-blind-injection/
https://nvd.nist.gov/vuln/detail/CVE-2016-10940
http://lenonleite.com.br/en/2016/12/16/zm-gallery-1-plugin-wordpress-blind-injection/
https://wordpress.org/plugins/zm-gallery/#developers
https://wpscan.com/vulnerability/c0cbd314-0f4f-47db-911d-9b2e974bd0f6