CVE-2022-4166 Contest Gallery < 19.1.5 - Author+ SQL Injection
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the addCountS POST parameter before concatenating it to an SQL query in 4_activate.php. This may allow malicious users with at least author privilege to leak sensitive informati...
CVE-2022-4166
CVE-2022-4166 affects Contest Gallery and Contest Gallery Pro WordPress plugins prior to version 19.1.5.1. Root cause: addCountS POST parameter is not escaped before being concatenated into an SQL query in 4_activate.php, enabling SQL injection that can leak database data. Impact: attackers with ...