SQL Injection in Awesomemotive Nextgen Gallery
CVE-2026-9059
NextGEN Gallery versions prior to 4.2.1 are vulnerable to authenticated SQL injection via the 'orderby' parameter on the REST API endpoints '/imagely/v1/galleries' and '/imagely/v1/albums'. The root cause is an insufficient sanitization…
Vulnerability class: SQL Injection
EPSS: 0.000 (11.2th percentile)
Affected products
- Awesomemotive Nextgen Gallery — versions O