3 matches found
CVE-2022-4158
The CVE-2022-4158 entry concerns the Contest Gallery WordPress plugin (versions prior to 19.1.5.1) and Contest Gallery Pro (prior to 19.1.5.1). The vulnerability arises from failing to escape the cg_Fields POST parameter before concatenating it into an SQL query within users-registry-check-regist...
CVE-2022-4158 Contest Gallery < 19.1.5 - Unauthenticated SQL Injection
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgFields POST parameter before concatenating it to an SQL query in users-registry-check-registering-and-login.php. This may allow malicious visitors to leak sensitive...
CVE-2022-4158 Contest Gallery < 19.1.5 - Unauthenticated SQL Injection
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgFields POST parameter before concatenating it to an SQL query in users-registry-check-registering-and-login.php. This may allow malicious visitors to leak sensitive...