CVE-2022-4158 – Contest Gallery < 19.1.5 - Unauthenticated SQL Injection
https://notcve.org/view.php?id=CVE-2022-4158
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_Fields POST parameter before concatenating it to an SQL query in users-registry-check-registering-and-login.php. This may allow malicious visitors to leak sensitive information from the site's database. El complemento de WordPress Contest Gallery anterior a 19.1.5.1 y el complemento de WordPress de Contest Gallery Pro anterior a 19.1.5.1 no escapan del parámetro POST cg_Fields antes de concatenarlo a una consulta SQL en users-registry-check-registering-and-login.php. Esto puede permitir que visitantes malintencionados filtren información confidencial de la base de datos del sitio. The Contest Gallery plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 19.1.4.1 due to insufficient escaping on the user supplied cg_Fields parameter and lack of sufficient preparation on the existing SQL query. • https://bulletin.iese.de/post/contest-gallery_19-1-4-1_15 https://wpscan.com/vulnerability/1b3b51af-ad73-4f8e-ba97-375b8a363b64 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-4161 – Contest Gallery < 19.1.5 - Author+ SQL Injection
https://notcve.org/view.php?id=CVE-2022-4161
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_copy_start POST parameter before concatenating it to an SQL query in copy-gallery-images.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. El complemento Contest Gallery de WordPress anterior a 19.1.5.1, y el complemento Contest Gallery Pro de WordPress anterior a 19.1.5.1, no escapan el parámetro POST cg_copy_start antes de concatenarlo a una consulta SQL en copy-gallery-images.php. Esto puede permitir que usuarios malintencionados, con al menos privilegios de autor, filtren información confidencial de la base de datos del sitio The Contest Gallery plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 19.1.4.1 due to insufficient escaping on the user supplied cg_copy_start parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with author-level privileges or higher to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. • https://bulletin.iese.de/post/contest-gallery_19-1-4-1_16 https://wpscan.com/vulnerability/a66af8f7-1d5f-4fe5-a2ba-03337064583b • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-4154 – Contest Gallery Pro < 19.1.5 - Admin+ SQL Injection
https://notcve.org/view.php?id=CVE-2022-4154
The Contest Gallery Pro WordPress plugin before 19.1.5 does not escape the wp_user_id GET parameter before concatenating it to an SQL query in management-show-user.php. This may allow malicious users with at administrator privileges (i.e. on multisite WordPress configurations) to leak sensitive information from the site's database. El complemento Contest Gallery Pro de WordPress anterior a 19.1.5 no escapa del parámetro GET wp_user_id antes de concatenarlo a una consulta SQL en management-show-user.php. Esto puede permitir que usuarios malintencionados con privilegios de administrador (es decir, en configuraciones de WordPress multisitio) filtren información confidencial de la base de datos del sitio. The Contest Gallery Pro plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 19.1.4.1 due to insufficient escaping on the user supplied wp_user_id parameter and lack of sufficient preparation on the existing SQL query. • https://bulletin.iese.de/post/contest-gallery_19-1-4-1_5 https://wpscan.com/vulnerability/dac32ed4-d3df-420a-a2eb-9e7d2435826a • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-4166 – Contest Gallery < 19.1.5 - Author+ SQL Injection
https://notcve.org/view.php?id=CVE-2022-4166
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the addCountS POST parameter before concatenating it to an SQL query in 4_activate.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. El complemento Contest Gallery de WordPress anterior a 19.1.5.1 y el complemento de WordPress de Contest Gallery Pro anterior a 19.1.5.1 no escapan del parámetro addCountS POST antes de concatenarlo a una consulta SQL en 4_activate.php. Esto puede permitir que usuarios malintencionados con al menos privilegios de autor filtren información confidencial de la base de datos del sitio. The Contest Gallery plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 19.1.4.1 due to insufficient escaping on the user supplied addCountS parameter and lack of sufficient preparation on the existing SQL query. • https://bulletin.iese.de/post/contest-gallery_19-1-4-1_12 https://wpscan.com/vulnerability/6e7de2bb-5f71-4c27-ae79-4f6b2ba7f86f • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-4162 – Contest Gallery < 19.1.5 - Author+ SQL Injection
https://notcve.org/view.php?id=CVE-2022-4162
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_row POST parameter before concatenating it to an SQL query in 3_row-order.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. El complemento de WordPress Contest Gallery anterior a 19.1.5.1 y el complemento de WordPress de Contest Gallery Pro anterior a 19.1.5.1 no escapan del parámetro POST cg_row antes de concatenarlo a una consulta SQL en 3_row-order.php. Esto puede permitir que usuarios malintencionados con al menos privilegios de autor filtren información confidencial de la base de datos del sitio. The Contest Gallery plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 19.1.4.1 due to insufficient escaping on the user supplied cg_row parameter and lack of sufficient preparation on the existing SQL query. • https://bulletin.iese.de/post/contest-gallery_19-1-4-1_9 https://wpscan.com/vulnerability/011500ac-17e4-4d4f-bbd9-1fec70511776 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •