exploitDog

CVE-2022-1684

Опубликовано: 08 июн. 2022

Источник: nvd

CVSS3: 2.7

CVSS2: 4

EPSS Низкий

Описание

The Cube Slider WordPress plugin through 1.2 does not sanitise and escape the idslider parameter before using it in various SQL queries, leading to SQL Injections exploitable by high privileged users such as admin

Ссылки

https://bulletin.iese.de/post/cube-slider_1-2
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/db7fb815-945a-41c7-8932-834cc646a806
Exploit
Third Party Advisory
https://bulletin.iese.de/post/cube-slider_1-2
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/db7fb815-945a-41c7-8932-834cc646a806
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:webpsilon:cube_slider:*:*:*:*:*:wordpress:*:*

Версия до 1.2 (включая)

EPSS

Процентиль: 40%

0.00181

Низкий

2.7 Low

CVSS3

4 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-6p9h-frfg-cmhm

CVSS3: 2.7

github

больше 3 лет назад

The Cube Slider WordPress plugin through 1.2 does not sanitise and escape the idslider parameter before using it in various SQL queries, leading to SQL Injections exploitable by high privileged users such as admin

EPSS

Процентиль: 40%

0.00181

Низкий

2.7 Low

CVSS3

4 Medium

CVSS2

Дефекты

CWE-89