Lucene search
PRIOn knowledge basePRION:CVE-2022-4164HistoryDec 26, 2022 - 1:15 p.m.
Cross site request forgery (csrf)
2022-12-2613:15:00
PRIOn knowledge base
www.prio-n.com
6
contest gallery
contest gallery pro
wordpress
sql injection
sensitive information
csrf
author privilege
0.001 Low
EPSS
Percentile
32.8%
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_multiple_files_for_post POST parameter before concatenating it to an SQL query in 0_change-gallery.php. This may allow malicious users with at least author privilege to leak sensitive information from the site’s database.
| CPE | Name | Operator | Version |
|---|---|---|---|
| contest_gallery | lt | 19.1.5.1 | |
| contest_gallery | lt | 19.1.5.1 |
Related
wpexploit
wpexploit
Contest Gallery < 19.1.5 - Author+ SQL Injection
2022-12-05 00:00:00
nvd
nvd
CVE-2022-4164
2022-12-26 13:15:13
cvelist
cvelist
CVE-2022-4164 Contest Gallery < 19.1.5 - Author+ SQL Injection
2022-12-26 12:28:09
wpvulndb
wpvulndb
Contest Gallery < 19.1.5 - Author+ SQL Injection
2022-12-05 00:00:00
cve
cve
CVE-2022-4164
2022-12-26 13:15:13