CVE-2026-9059 | awesomemotive NextGEN Gallery up to 4.2.0 on REST REST API Endpoint /imagely/v1/albums _clean_column orderby sql injection

Inserito da Angelo Barbosa | Mag 20, 2026 | CVE

A vulnerability, which was classified as critical, was found in awesomemotive NextGEN Gallery up to 4.2.0 on REST. Impacted is the function _clean_column of the file /imagely/v1/albums of the component REST API Endpoint. The manipulation of the argument orderby results in sql injection.

This vulnerability is reported as CVE-2026-9059. The attack can be launched remotely. No exploit exists.

You should upgrade the affected component.

CVE-2026-9059 | awesomemotive NextGEN Gallery up to 4.2.0 on REST REST API Endpoint /imagely/v1/albums _clean_column orderby sql injection

Post correlati

CVE-2024-57962 | Huawei HarmonyOS 5.0.0 VPN Service Module denial of service

CVE-2024-22361 | IBM Semeru Runtime up to 8.0.392.0/11.0.21.0/17.0.9.0/21.0.1.0 risky encryption (XFDB-281222)

CVE-2024-50619 | CIPPlanner CIPAce up to 9.16 User Management privilege escalation

CVE-2023-31364 | AMD EPYC 7001 Processors memory corruption