Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 11:29 p.m.6 views

CVE-2022-4153

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the upload POST parameter before concatenating it to an SQL query in get-data-create-upload-v10.php. This may allow malicious users with at least author privilege to leak...

6.5CVSS6.8AI score0.00854EPSS
Exploits2References1
NVD
NVD
added 2022/12/26 1:15 p.m.19 views

CVE-2022-4153

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the upload POST parameter before concatenating it to an SQL query in get-data-create-upload-v10.php. This may allow malicious users with at least author privilege to leak...

6.5CVSS0.00854EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2022/12/26 12:27 p.m.9 views

CVE-2022-4153 Contest Gallery < 19.1.5.1 - Author+ SQL Injection

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the upload POST parameter before concatenating it to an SQL query in get-data-create-upload-v10.php. This may allow malicious users with at least author privilege to leak...

6.8AI score0.00854EPSS
Exploits2References2
CVE
CVE
added 2022/12/26 12:27 p.m.70 views

CVE-2022-4153

The CVE-2022-4153 issue affects the Contest Gallery WordPress plugin (and Contest Gallery Pro) prior to version 19.1.5.1. Root cause: the upload[] POST parameter is not escaped before being concatenated into an SQL query in get-data-create-upload-v10.php, enabling a user with at least author priv...

6.5CVSS6.5AI score0.00854EPSS
Exploits2References2Affected Software1
Rows per page
Query Builder