PRIOn knowledge base: PRION:CVE-2021-24915
History: Nov 29, 2021 - 9:15 a.m.

SQL injection

PRIOn knowledge base
www.prio-n.com

AI Score: 9.6 High (Confidence: High)
EPSS: 0.397 Low (Percentile: 97.3%)

The Contest Gallery WordPress plugin before 13.1.0.6 does not have capability checks and does not sanitise or escape the cg-search-user-name-original parameter before using it in a SQL statement when exporting users from a gallery. This could allow unauthenticated users to perform SQL injection attacks, as well as get the list of all users registered on the blog, including their username and email address.

CPE
Name             Operator  Version
contest_gallery  lt        13.1.0.6
