exploitDog

GHSA-4588-f2xw-66mq

Опубликовано: 09 июн. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 4.9

Описание

The Five Minute Webshop WordPress plugin through 1.3.2 does not properly validate and sanitise the orderby parameter before using it in a SQL statement via the Manage Products admin page, leading to an SQL Injection

The Five Minute Webshop WordPress plugin through 1.3.2 does not properly validate and sanitise the orderby parameter before using it in a SQL statement via the Manage Products admin page, leading to an SQL Injection

Ссылки

EPSS

Процентиль: 48%

0.00246

Низкий

4.9 Medium

CVSS3

CVE ID

Дефекты

CWE-89

Связанные уязвимости

CVE-2022-1685

CVSS3: 4.9

nvd

больше 3 лет назад

The Five Minute Webshop WordPress plugin through 1.3.2 does not properly validate and sanitise the orderby parameter before using it in a SQL statement via the Manage Products admin page, leading to an SQL Injection

EPSS

Процентиль: 48%

0.00246

Низкий

4.9 Medium

CVSS3

CVE ID

Дефекты

CWE-89