CVE-2022-1687 — SQL Injection in Slider Project Logo Slider

CWE-89 — SQL Injection3 documents3 sources

Severity

2.7LOWNVD

EPSS

0.2%

top 60.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Logo Slider Project Logo Slider

Timeline

PublishedJun 8

Latest updateJun 9

Description

The Logo Slider WordPress plugin through 1.4.8 does not sanitise and escape the lsp_slider_id parameter before using it in a SQL statement via the Manage Slider Images admin page, leading to an SQL Injection

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:NExploitability: 1.2 | Impact: 1.4

Affected Packages1 packages

▶NVDlogo_slider_project/logo_slider1.4.8

🔴Vulnerability Details

GHSA

GHSA-48vh-cf5c-h3m3: The Logo Slider WordPress plugin through 1↗2022-06-09

▶

CVEList

Logo Slider <= 1.4.8 - Admin+ SQLi↗2022-06-06

▶