A vulnerability classified as critical was found in Contest Gallery Pro Plugin up to 19.1.4 on WordPress (Photo Gallery Software). This vulnerability affects an unknown code block of the file management-show-user.php of the component Configuration Handler. The manipulation of the argument wp_user_id with an unknown input leads to a sql injection vulnerability. The CWE definition for the vulnerability is CWE-89. The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. As an impact it is known to affect confidentiality, integrity, and availability. CVE summarizes:

The Contest Gallery Pro WordPress plugin before 19.1.5 does not escape the wp_user_id GET parameter before concatenating it to an SQL query in management-show-user.php. This may allow malicious users with at administrator privileges (i.e. on multisite WordPress configurations) to leak sensitive information from the site's database.

The weakness was disclosed 12/26/2022. The advisory is available at wpscan.com. This vulnerability was named CVE-2022-4154 since 11/28/2022. Technical details are known, but there is no available exploit. This vulnerability is assigned to T1505 by the MITRE ATT&CK project.

By approaching the search of inurl:management-show-user.php it is possible to find vulnerable targets with Google Hacking.

Upgrading to version 19.1.5 eliminates this vulnerability.

Productinfo

Type

• Photo Gallery Software

Name

• Contest Gallery Pro Plugin

Version

• 19.1.0
• 19.1.1
• 19.1.2
• 19.1.3
• 19.1.4

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion