Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 11:39 p.m.5 views

CVE-2022-4156

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the userid POST parameter before concatenating it to an SQL query in ajax-functions-backend.php. This may allow malicious users with at least author privilege to leak sensitive...

7.5CVSS7.4AI score0.0092EPSS
Exploits2References1
NVD
NVD
added 2022/12/26 1:15 p.m.18 views

CVE-2022-4156

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the userid POST parameter before concatenating it to an SQL query in ajax-functions-backend.php. This may allow malicious users with at least author privilege to leak sensitive...

7.5CVSS0.0092EPSS
Exploits2References2
Cvelist
Cvelist
added 2022/12/26 12:28 p.m.22 views

CVE-2022-4156 Contest Gallery < 19.1.5.1 - Unauthenticated SQL Injection

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the userid POST parameter before concatenating it to an SQL query in ajax-functions-backend.php. This may allow malicious users with at least author privilege to leak sensitive...

7.7AI score0.0092EPSS
Exploits2References2
CVE
CVE
added 2022/12/26 12:28 p.m.92 views

CVE-2022-4156

The CVE-2022-4156 issue affects Contest Gallery WordPress plugin versions prior to 19.1.5.1 (and Contest Gallery Pro before 19.1.5.1). The root cause is failure to escape the user_id POST parameter before concatenating it into an SQL query in ajax-functions-backend.php, enabling an unauthenticate...

7.5CVSS7.5AI score0.0092EPSS
Exploits2References2Affected Software1
Rows per page
Query Builder