4 matches found
CVE-2022-4153
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the upload POST parameter before concatenating it to an SQL query in get-data-create-upload-v10.php. This may allow malicious users with at least author privilege to leak...
CVE-2022-4153
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the upload POST parameter before concatenating it to an SQL query in get-data-create-upload-v10.php. This may allow malicious users with at least author privilege to leak...
CVE-2022-4153 Contest Gallery < 19.1.5.1 - Author+ SQL Injection
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the upload POST parameter before concatenating it to an SQL query in get-data-create-upload-v10.php. This may allow malicious users with at least author privilege to leak...
CVE-2022-4153
The CVE-2022-4153 issue affects the Contest Gallery WordPress plugin (and Contest Gallery Pro) prior to version 19.1.5.1. Root cause: the upload[] POST parameter is not escaped before being concatenated into an SQL query in get-data-create-upload-v10.php, enabling a user with at least author priv...