CVE-2025-22693 — SQL Injection in Contest Gallery

CWE-89 — SQL Injection3 documents3 sources

Severity

7.2HIGHNVD

EPSS

0.0%

top 88.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Contest-gallery Contest Gallery Wasiliy Strecker Contestgallery Developer Contest Gallery

Timeline

PublishedFeb 3

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows SQL Injection.This issue affects Contest Gallery: from n/a through <= 25.1.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5wasiliy_strecker/contestgallery_developer_contest_gallery25.1.0

▶NVDcontest-gallery/contest_gallery< 25.1.2

🔴Vulnerability Details

CVEList

WordPress Contest Gallery plugin <= 25.1.0 - SQL Injection vulnerability↗2025-02-03

▶

GHSA

GHSA-q5gm-6r6x-wwp4: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Contest Gallery Contest Gallery allows SQL Injec↗2025-02-03

▶