Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2024-43283 — Sensitive Info Insertion into Sent Data in Contest Gallery

CWE-201 — Sensitive Info Insertion into Sent Data CWE-200 — Sensitive Information Exposure5 documents5 sources

Severity

7.5HIGHNVD

EPSS

23.7%

top 4.00%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Contest-gallery Contest Gallery Wasiliy Strecker Contestgallery Developer Contest Gallery

Timeline

PublishedAug 26

Description

Insertion of Sensitive Information Into Sent Data vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery.This issue affects Contest Gallery: from n/a through <= 23.1.2.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5wasiliy_strecker/contestgallery_developer_contest_gallery23.1.2

▶NVDcontest-gallery/contest_gallery< 23.1.3

🔴Vulnerability Details

GHSA

GHSA-qxhc-f89g-j37j: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Contest Gallery↗2024-08-26

▶

CVEList

WordPress Contest Gallery plugin <= 23.1.2 - Unauthenticated Comment UserID And IP address Disclosure vulnerability↗2024-08-26

▶

VulnCheck

contest-gallery contest_gallery Insertion of Sensitive Information Into Sent Data↗2024

▶

💥Exploits & PoCs

Nuclei

Contest Gallery - Broken Access Control

▶