26 Déc 2022
Vulnérabilité CVE-2022-4150 CVE Vulnerability
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the option_id POST parameter before concatenating it to an SQL query in order-custom-fields-with-and-without-search.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. (CVSS:0.0) (Last Update:2022-12-26)
Vulnerability Details : The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the option_id POST parameter before concatenating it to an SQL query in order-custom-fields-with-and-without-search.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. Publish Date : 2022-12-26 Last Update Date : 2022-12-26 - CVSS Scores & Vulnerability Types
- Products Affected By CVE-2022-4150
- References For CVE-2022-4150
| |||||||||||||||||||||||||||||||||||||||||||||||
- Metasploit Modules Related To CVE-2022-4150There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information) |