Contest Gallery < 19.1.5 - Author+ SQL Injection
CVE-2022-4166

6.5MEDIUM

Key Information:

Vendor: Wordpress
Status: Contest Gallery; Contest Gallery Pro
Vendor: CVE Published:; 26 December 2022

Summary

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the addCountS POST parameter before concatenating it to an SQL query in 4_activate.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database.

Affected Version(s)

Contest Gallery 0 < 19.1.5.1

Contest Gallery Pro 0 < 19.1.5.1

References

https://wpscan.com/vulnerability/6e7de2bb-5f71-4c27-ae79-...

exploitvdb-entrytechnical-description

https://bulletin.iese.de/post/contest-gallery_19-1-4-1_12

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 26, 2022
Vulnerability Reserved
Nov 28, 2022

Credit

Kunal Sharma (University of Kaiserslautern)

Daniel Krohmer (Fraunhofer IESE)

WPScan