Contest Gallery 漏洞列表

共找到 2 个与 Contest Gallery 相关的漏洞

📅 加载漏洞趋势中...

CVE-2021-24915: Contest Gallery < 13.1.0.6 - SQL injection POC

日期: 2025-08-01 | 影响软件: Contest Gallery

The plugin does not have capability checks and does not sanitise or escape the cg-search-user-name-original parameter before using it in a SQL statement when exporting users from a gallery, which could allow unauthenticated to perform SQL injections attacks, as well as get the list of all users registered on the blog, including their username and email address.
CVE-2021-24915: Contest Gallery < 13.1.0.6 - SQL injection POC

日期: 2025-08-01 | 影响软件: Contest Gallery

The plugin does not have capability checks and does not sanitise or escape the cg-search-user-name-original parameter before using it in a SQL statement when exporting users from a gallery, which could allow unauthenticated to perform SQL injections attacks, as well as get the list of all users registered on the blog, including their username and email address.