Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 11:50 p.m.8 views

CVE-2022-4165

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgorder POST parameter before concatenating it to an SQL query in order-custom-fields-with-and-without-search.php. This may allow malicious users with at least author...

6.5CVSS6.8AI score0.00854EPSS
Exploits2References1
Cvelist
Cvelist
added 2022/12/26 12:28 p.m.21 views

CVE-2022-4165 Contest Gallery < 19.1.5 - Author+ SQL Injection

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgorder POST parameter before concatenating it to an SQL query in order-custom-fields-with-and-without-search.php. This may allow malicious users with at least author...

6.7AI score0.00854EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2022/12/26 12:28 p.m.9 views

CVE-2022-4165 Contest Gallery < 19.1.5 - Author+ SQL Injection

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgorder POST parameter before concatenating it to an SQL query in order-custom-fields-with-and-without-search.php. This may allow malicious users with at least author...

6.8AI score0.00854EPSS
Exploits2References2
CVE
CVE
added 2022/12/26 12:28 p.m.60 views

CVE-2022-4165

CVE-2022-4165 affects the Contest Gallery WordPress plugin (prior to 19.1.5.1) and Contest Gallery Pro (prior to 19.1.5.1). The root cause is failure to escape the cg_order POST parameter before concatenating it into an SQL query in order-custom-fields-with-and-without-search.php, enabling a user...

6.5CVSS6.5AI score0.00854EPSS
Exploits2References2Affected Software1
Rows per page
Query Builder