CVE-2022-4157

MEDIUM Year: 2022
CVSS v3 Score
4.9
Medium
Weakness Type
NVD-CWE-Other
View all →

Vulnerability Description

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_option_id POST parameter before concatenating it to an SQL query in export-votes-all.php. This may allow malicious users with administrator privileges (i.e. on multisite WordPress configurations) to leak sensitive information from the site's database.

Related Vulnerabilities

CVE-2016-3424

MEDIUM
CVSS:4.9(Medium)

Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer.

NVD-CWE-Other2016

CVE-2016-3459

MEDIUM
CVSS:4.9(Medium)

Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via ...

NVD-CWE-Other2016

CVE-2016-3495

MEDIUM
CVSS:4.9(Medium)

Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.

NVD-CWE-Other2016

CVE-2016-3520

MEDIUM
CVSS:4.9(Medium)

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote administrators to affect confidentiality via ve...

NVD-CWE-Other2016

CVE-2016-5436

MEDIUM
CVSS:4.9(Medium)

Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.

NVD-CWE-Other2016

CVE-2016-5437

MEDIUM
CVSS:4.9(Medium)

Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Log.

NVD-CWE-Other2016