6.5
CVE-2022-4166
- EPSS 0.74%
- Veröffentlicht 26.12.2022 13:15:13
- Zuletzt bearbeitet 12.04.2025 00:15:17
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginContest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via addCountS
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the addCountS POST parameter before concatenating it to an SQL query in 4_activate.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database.
Mögliche Gegenmaßnahme
Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe: Update to version 19.1.5, or a newer patched version
Contest Gallery Pro: Update to version 19.1.5, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe
Version
*-19.1.4.1
SystemWordPress Plugin
≫
Produkt
Contest Gallery Pro
Version
*-19.1.4.1
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Contest-gallery ≫ Contest Gallery SwPlatformwordpress Version < 19.1.5.1
Contest-gallery ≫ Contest Gallery SwEditionpro SwPlatformwordpress Version < 19.1.5.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.74% | 0.725 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|