Lucene search
WPScanCVELIST:CVE-2022-4157HistoryDec 26, 2022 - 12:27 p.m.
CVE-2022-4157 Contest Gallery < 19.1.5 - Admin+ SQL Injection
2022-12-2612:27:57
WPScan
www.cve.org
cve-2022-4157
contest gallery
sql injection
wordpress
administrator privileges
multisite configurations
sensitive information
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_option_id POST parameter before concatenating it to an SQL query in export-votes-all.php. This may allow malicious users with administrator privileges (i.e. on multisite WordPress configurations) to leak sensitive information from the site’s database.
CNA Affected
[
{
"vendor": "Unknown",
"product": "Contest Gallery",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "19.1.5.1"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
},
{
"vendor": "Unknown",
"product": "Contest Gallery Pro",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "19.1.5.1"
}
],
"defaultStatus": "unaffected"
}
]Related
wpvulndb
wpvulndb
Contest Gallery < 19.1.5 - Admin+ SQL Injection
2022-12-05 00:00:00
prion
prion
Cross site request forgery (csrf)
2022-12-26 13:15:00
wpexploit
wpexploit
Contest Gallery < 19.1.5 - Admin+ SQL Injection
2022-12-05 00:00:00
nvd
nvd
CVE-2022-4157
2022-12-26 13:15:13
cve
cve
CVE-2022-4157
2022-12-26 13:15:13