3 matches found
CVE-2022-4157
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgoptionid POST parameter before concatenating it to an SQL query in export-votes-all.php. This may allow malicious users with administrator privileges i.e. on multisite...
CVE-2022-4157 Contest Gallery < 19.1.5 - Admin+ SQL Injection
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgoptionid POST parameter before concatenating it to an SQL query in export-votes-all.php. This may allow malicious users with administrator privileges i.e. on multisite...
CVE-2022-4157
The CVE-2022-4157 issue affects Contest Gallery, including Contest Gallery Pro for WordPress, where export-votes-all.php fails to escape the cg_option_id POST parameter before concatenating it into an SQL query. Root cause: lack of input sanitization leads to potential SQL injection. Impact, as s...