6 matches found
CVE-2022-4164
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgmultiplefilesforpost POST parameter before concatenating it to an SQL query in 0change-gallery.php. This may allow malicious users with at least author privilege to leak...
CVE-2022-4164
creationtimestamp| type| source ---|---|--- 2022-12-26 16:40:52+00:00| seen| https://t.me/cibsecurity/55356 2025-04-14 13:54:59+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/11614...
CVE-2022-4164
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgmultiplefilesforpost POST parameter before concatenating it to an SQL query in 0change-gallery.php. This may allow malicious users with at least author privilege to leak...
CVE-2022-4164 Contest Gallery < 19.1.5 - Author+ SQL Injection
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgmultiplefilesforpost POST parameter before concatenating it to an SQL query in 0change-gallery.php. This may allow malicious users with at least author privilege to leak...
CVE-2022-4164
CVE-2022-4164 affects Contest Gallery WordPress plugin before 19.1.5.1 and Contest Gallery Pro before 19.1.5.1. The root cause is failure to escape the cg_multiple_files_for_post POST parameter when building an SQL query in 0_change-gallery.php, enabling an attacker with at least author privilege...
CVE-2022-4164 Contest Gallery < 19.1.5 - Author+ SQL Injection
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgmultiplefilesforpost POST parameter before concatenating it to an SQL query in 0change-gallery.php. This may allow malicious users with at least author privilege to leak...