Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 12:34 a.m.6 views

CVE-2022-4159

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgid POST parameter before concatenating it to an SQL query in 0change-gallery.php. This may allow malicious users with at least author privilege to leak sensitive...

6.5CVSS6.8AI score0.00854EPSS
Exploits2References1
Cvelist
Cvelist
added 2022/12/26 12:28 p.m.21 views

CVE-2022-4159 Contest Gallery < 19.1.5.1 - Author+ SQL Injection

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgid POST parameter before concatenating it to an SQL query in 0change-gallery.php. This may allow malicious users with at least author privilege to leak sensitive...

6.7AI score0.00854EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2022/12/26 12:28 p.m.6 views

CVE-2022-4159 Contest Gallery < 19.1.5.1 - Author+ SQL Injection

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgid POST parameter before concatenating it to an SQL query in 0change-gallery.php. This may allow malicious users with at least author privilege to leak sensitive...

6.8AI score0.00854EPSS
Exploits2References2
CVE
CVE
added 2022/12/26 12:28 p.m.86 views

CVE-2022-4159

The CVE-2022-4159 issue affects Contest Gallery WordPress plugin pre-19.1.5.1 and Contest Gallery Pro pre-19.1.5.1, where the cg_id POST parameter is not escaped before being concatenated into an SQL query in 0_change-gallery.php. This can allow a user with at least author privileges to leak sens...

6.5CVSS6.5AI score0.00854EPSS
Exploits2References2Affected Software1
Rows per page
Query Builder