29 Nov 2021
Vulnérabilité CVE-2021-24915 CVE Vulnerability
The Contest Gallery WordPress plugin before 13.1.0.6 does not have capability checks and does not sanitise or escape the cg-search-user-name-original parameter before using it in a SQL statement when exporting users from a gallery, which could allow unauthenticated to perform SQL injections attacks, as well as get the list of all users registered on the blog, including their username and email address (CVSS:0.0) (Last Update:2021-11-29)
Vulnerability Details : The Contest Gallery WordPress plugin before 13.1.0.6 does not have capability checks and does not sanitise or escape the cg-search-user-name-original parameter before using it in a SQL statement when exporting users from a gallery, which could allow unauthenticated to perform SQL injections attacks, as well as get the list of all users registered on the blog, including their username and email address Publish Date : 2021-11-29 Last Update Date : 2021-11-29 - CVSS Scores & Vulnerability Types
- Products Affected By CVE-2021-24915
- References For CVE-2021-24915
| |||||||||||||||||||||||||||||||||||||||||||||||
- Metasploit Modules Related To CVE-2021-24915There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information) |