CVE-2026-9059
CriticalSummary
NextGEN Gallery versions prior to 4.2.1 are vulnerable to authenticated SQL injection via the 'orderby' parameter on the REST API endpoints '/imagely/v1/galleries' and '/imagely/v1/albums'. The issue stems from an insufficient sanitization function in the data mapper layer.
Risk Assessment
An attacker with the appropriate permissions can inject arbitrary SQL, potentially leading to unauthorized access or modification of data. This poses a serious threat to the integrity and confidentiality of data within the system.
Recommendation
It is recommended to update NextGEN Gallery to version 4.2.1 or later to mitigate this vulnerability. Additionally, conducting a security audit of the application is advisable to identify other potential weaknesses.
Original NVD description (English source)
NextGEN Gallery version prior to 4.2.1 are vulnerable to authenticated SQL injection via the 'orderby' parameter on the REST API endpoints '/imagely/v1/galleries' and '/imagely/v1/albums'. The root cause is an insufficient sanitization function ('_clean_column()') in the data mapper layer that uses a character blacklist instead of a whitelist approach. This allows an authenticated attacker with the 'NextGEN Gallery overview' capability (assigned to the Administrator role by default) to inject arbitrary SQL into the 'ORDER BY' clause.

