WordPress Plugin Vulnerabilities

Contest Gallery < 19.1.5 - Author+ SQL Injection

Description

The plugins do not escape the cg_deactivate and cg_activate POST parameters before concatenating it to an SQL query in 2_deactivate.php and 4_activate.php, respectively. This may allow malicious users with at least author privilege to leak sensitive information from the site's database.

Proof of Concept

Affects Plugins

Plugin icon
contest-gallery
Fixed in 19.1.5
Plugin icon
contest-gallery-pro
Fixed in 19.1.5

References

CVE
CVE-2022-4163
URL
https://bulletin.iese.de/post/contest-gallery_19-1-4-1_10

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
6.8 (medium)

Miscellaneous

Original Researcher
Kunal Sharma (University of Kaiserslautern), Daniel Krohmer (Fraunhofer IESE)
Submitter
Daniel Krohmer
Submitter website
https://iese.fraunhofer.de/en.html
Verified
Yes
WPVDB ID
de0d7db7-f911-4f5f-97f6-885ca60822d1

Timeline

Publicly Published
2022-12-05 (about 3 years ago)
Added
2022-12-05 (about 3 years ago)
Last Updated
-0001-11-30 (about 2026 years ago)

Other

Published
Title
Published
2024-07-08
Title
Houzez CRM < 1.4.3 - Authenticated (Seller+) SQL Injection
Published
2022-12-05
Title
Contest Gallery Pro < 19.1.5 - Admin+ SQL Injection
Published
2024-06-06
Title
Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress < 9.0.2 - Authenticated (Contributor+) SQL Injection
Published
2023-07-10
Title
RSVPMarker < 10.5.5 - Admin+ SQL Injection (SQLi)
Published
2017-05-31
Title
eventr 1.02.2 - Blind SQL Injection