4 matches found
CVE-2022-4159
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgid POST parameter before concatenating it to an SQL query in 0change-gallery.php. This may allow malicious users with at least author privilege to leak sensitive...
CVE-2022-4159 Contest Gallery < 19.1.5.1 - Author+ SQL Injection
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgid POST parameter before concatenating it to an SQL query in 0change-gallery.php. This may allow malicious users with at least author privilege to leak sensitive...
CVE-2022-4159 Contest Gallery < 19.1.5.1 - Author+ SQL Injection
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgid POST parameter before concatenating it to an SQL query in 0change-gallery.php. This may allow malicious users with at least author privilege to leak sensitive...
CVE-2022-4159
The CVE-2022-4159 issue affects Contest Gallery WordPress plugin pre-19.1.5.1 and Contest Gallery Pro pre-19.1.5.1, where the cg_id POST parameter is not escaped before being concatenated into an SQL query in 0_change-gallery.php. This can allow a user with at least author privileges to leak sens...