3 matches found
CVE-2021-24915
creationtimestamp| type| source ---|---|--- 2021-11-29 12:33:06+00:00| seen| https://t.me/cibsecurity/33013 2023-10-17 12:50:28+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-24915.yaml 2026-03-12 21:02:31+00:00| seen|...
CVE-2021-24915 Contest Gallery < 13.1.0.6 - Missing Access Controls to Unauthenticated SQL injection / Email Address Disclosure
The Contest Gallery WordPress plugin before 13.1.0.6 does not have capability checks and does not sanitise or escape the cg-search-user-name-original parameter before using it in a SQL statement when exporting users from a gallery, which could allow unauthenticated to perform SQL injections...
CVE-2021-24915
The Contest Gallery WordPress plugin (prior to 13.1.0.6) lacks capability checks and does not sanitise/escape cg-search-user-name-original before using it in a SQL statement when exporting gallery users, enabling unauthenticated SQL injection and disclosure of all usernames and email addresses. T...