exploitDog

GHSA-qfqw-52wp-4gvg

Опубликовано: 09 июн. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 2.7

Описание

The Five Minute Webshop WordPress plugin through 1.3.2 does not sanitise and escape the id parameter before using it in a SQL statement when editing a product via the admin dashboard, leading to an SQL Injection

The Five Minute Webshop WordPress plugin through 1.3.2 does not sanitise and escape the id parameter before using it in a SQL statement when editing a product via the admin dashboard, leading to an SQL Injection

Ссылки

EPSS

Процентиль: 42%

0.00198

Низкий

2.7 Low

CVSS3

CVE ID

Дефекты

CWE-89

Связанные уязвимости

CVE-2022-1686

CVSS3: 2.7

nvd

больше 3 лет назад

The Five Minute Webshop WordPress plugin through 1.3.2 does not sanitise and escape the id parameter before using it in a SQL statement when editing a product via the admin dashboard, leading to an SQL Injection

EPSS

Процентиль: 42%

0.00198

Низкий

2.7 Low

CVSS3

CVE ID

Дефекты

CWE-89