CVE-2021-24915

Public Exploit

Contest Gallery < 13.1.0.6 - Missing Access Controls to Unauthenticated SQL injection / Email Address Disclosure

Description

The Contest Gallery WordPress plugin before 13.1.0.6 does not have capability checks and does not sanitise or escape the cg-search-user-name-original parameter before using it in a SQL statement when exporting users from a gallery, which could allow unauthenticated to perform SQL injections attacks, as well as get the list of all users registered on the blog, including their username and email address

References

Link	Tags
https://wpscan.com/vulnerability/45ee86a7-1497-4c81-98b8-9a8e5b3d4fac	third party advisory exploit
https://gist.github.com/tpmiller87/6c05596fe27dd6f69f1aaba4cbb9c917	third party advisory exploit

Frequently Asked Questions

What is the severity of CVE-2021-24915?: CVE-2021-24915 has been scored as a critical severity vulnerability.
How to fix CVE-2021-24915?: To fix CVE-2021-24915, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2021-24915 being actively exploited in the wild?: It is possible that CVE-2021-24915 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~75% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-24915?: CVE-2021-24915 affects Unknown Contest Gallery – Photo Contest Plugin for WordPress.

Description

Category

CWE-89 – Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

References

Frequently Asked Questions