Vulnerability Details : CVE-2022-4154

The Contest Gallery Pro WordPress plugin before 19.1.5 does not escape the wp_user_id GET parameter before concatenating it to an SQL query in management-show-user.php. This may allow malicious users with at administrator privileges (i.e. on multisite WordPress configurations) to leak sensitive information from the site's database.

Vulnerability category: Sql Injection

Published 2022-12-26 13:15:13

Updated 2023-01-05 15:34:53

Source WPScan

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2022-4154

Probability of exploitation activity in the next 30 days: 0.05%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 19 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2022-4154

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
4.9	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N	1.2	3.6	[email protected]
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2022-4154

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.

Assigned by: [email protected] (Primary)

References for CVE-2022-4154

https://wpscan.com/vulnerability/dac32ed4-d3df-420a-a2eb-9e7d2435826a

Exploit;Third Party Advisory
https://bulletin.iese.de/post/contest-gallery_19-1-4-1_5

Exploit;Third Party Advisory

Products affected by CVE-2022-4154

Contest-gallery » Contest Gallery » PRO Edition For Wordpress
Versions before (<) 19.1.5.1
cpe:2.3:a:contest-gallery:contest_gallery:*:*:*:*:pro:wordpress:*:*
Matching versions