Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

链接： https://github.com/advisories/GHSA-vm95-2m88-cv87

CVSS 评分： 9.3

参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2025-52832
https://patchstack.com/database/wordpress/plugin/ngg-smart-image-search/vulnerability/wordpress-ngg-smart-image-search-3-4-1-sql-injection-vulnerability?_s_id=cve
https://github.com/advisories/GHSA-vm95-2m88-cv87

描述：

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in wpo-HR NGG Smart Image Search allows SQL Injection. This issue affects NGG Smart Image Search: from n/a through 3.4.1.

安全公告

#Github Advisory

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

http://example.com/2025/07/04/github_1833524291/

作者

lianccc

发布于

2025年7月4日

许可协议

Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes allows Privilege 上一篇

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') 下一篇