CVE-2023-47506 — SQL Injection in Slider PRO

CWE-89 — SQL Injection2 documents2 sources

Severity

8.8HIGHNVD

EPSS

0.1%

top 67.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Master Slider PRO Masterslider Master Slider

Timeline

PublishedDec 18

Latest updateDec 19

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Master slider Master Slider Pro allows SQL Injection.This issue affects Master Slider Pro: from n/a through 3.6.5.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDmasterslider/master_slider3.6.5

▶CVEListV5master_slider/master_slider_pron/a — 3.6.5

🔴Vulnerability Details

GHSA

GHSA-whhc-qmvw-65jq: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Master slider Master Slider Pro allows SQL Injec↗2023-12-19

▶