Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 11:50 p.m.6 views

CVE-2022-4164

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgmultiplefilesforpost POST parameter before concatenating it to an SQL query in 0change-gallery.php. This may allow malicious users with at least author privilege to leak...

6.5CVSS6.8AI score0.00854EPSS
Exploits2References1
Circl
Circl
added 2022/12/26 4:40 p.m.6 views

CVE-2022-4164

creationtimestamp| type| source ---|---|--- 2022-12-26 16:40:52+00:00| seen| https://t.me/cibsecurity/55356 2025-04-14 13:54:59+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/11614...

6.5CVSS6.6AI score0.00854EPSS
Exploits2References2
NVD
NVD
added 2022/12/26 1:15 p.m.19 views

CVE-2022-4164

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgmultiplefilesforpost POST parameter before concatenating it to an SQL query in 0change-gallery.php. This may allow malicious users with at least author privilege to leak...

6.5CVSS0.00854EPSS
Exploits2References2
Cvelist
Cvelist
added 2022/12/26 12:28 p.m.26 views

CVE-2022-4164 Contest Gallery < 19.1.5 - Author+ SQL Injection

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgmultiplefilesforpost POST parameter before concatenating it to an SQL query in 0change-gallery.php. This may allow malicious users with at least author privilege to leak...

6.7AI score0.00854EPSS
Exploits2References2
CVE
CVE
added 2022/12/26 12:28 p.m.82 views

CVE-2022-4164

CVE-2022-4164 affects Contest Gallery WordPress plugin before 19.1.5.1 and Contest Gallery Pro before 19.1.5.1. The root cause is failure to escape the cg_multiple_files_for_post POST parameter when building an SQL query in 0_change-gallery.php, enabling an attacker with at least author privilege...

6.5CVSS6.5AI score0.00854EPSS
Exploits2References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/12/26 12:28 p.m.7 views

CVE-2022-4164 Contest Gallery < 19.1.5 - Author+ SQL Injection

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgmultiplefilesforpost POST parameter before concatenating it to an SQL query in 0change-gallery.php. This may allow malicious users with at least author privilege to leak...

6.8AI score0.00854EPSS
Exploits2References2
Rows per page
Query Builder