Search criteria

1 vulnerability by logo_slider_project

CVE-2022-1687 (GCVE-0-2022-1687)

Vulnerability from cvelistv5 – Published: 2022-06-06 08:51 – Updated: 2024-08-03 00:10
VLAI
Title
Logo Slider <= 1.4.8 - Admin+ SQLi
Summary
The Logo Slider WordPress plugin through 1.4.8 does not sanitise and escape the lsp_slider_id parameter before using it in a SQL statement via the Manage Slider Images admin page, leading to an SQL Injection
Severity
No CVSS data available.
CWE
Assigner
References
Impacted products
Vendor Product Version
Unknown Logo Slider Affected: 1.4.8 , ≤ 1.4.8 (custom)
Create a notification for this product.
Credits
Daniel Krohmer (Fraunhofer IESE) Shi Chen (University of Kaiserslautern)
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:10:03.810Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/e7506906-5c3d-4963-ae24-55f18c3e5081"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bulletin.iese.de/post/logo-slider_1-4-8"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Logo Slider",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThanOrEqual": "1.4.8",
              "status": "affected",
              "version": "1.4.8",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Daniel Krohmer (Fraunhofer IESE)"
        },
        {
          "lang": "en",
          "value": "Shi Chen (University of Kaiserslautern)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Logo Slider WordPress plugin through 1.4.8 does not sanitise and escape the lsp_slider_id parameter before using it in a SQL statement via the Manage Slider Images admin page, leading to an SQL Injection"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89 SQL Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-06T08:51:21.000Z",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpscan.com/vulnerability/e7506906-5c3d-4963-ae24-55f18c3e5081"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bulletin.iese.de/post/logo-slider_1-4-8"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Logo Slider \u003c= 1.4.8 - Admin+ SQLi",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2022-1687",
          "STATE": "PUBLIC",
          "TITLE": "Logo Slider \u003c= 1.4.8 - Admin+ SQLi"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Logo Slider",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "1.4.8",
                            "version_value": "1.4.8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Unknown"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Daniel Krohmer (Fraunhofer IESE)"
          },
          {
            "lang": "eng",
            "value": "Shi Chen (University of Kaiserslautern)"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Logo Slider WordPress plugin through 1.4.8 does not sanitise and escape the lsp_slider_id parameter before using it in a SQL statement via the Manage Slider Images admin page, leading to an SQL Injection"
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-89 SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpscan.com/vulnerability/e7506906-5c3d-4963-ae24-55f18c3e5081",
              "refsource": "MISC",
              "url": "https://wpscan.com/vulnerability/e7506906-5c3d-4963-ae24-55f18c3e5081"
            },
            {
              "name": "https://bulletin.iese.de/post/logo-slider_1-4-8",
              "refsource": "MISC",
              "url": "https://bulletin.iese.de/post/logo-slider_1-4-8"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2022-1687",
    "datePublished": "2022-06-06T08:51:22.000Z",
    "dateReserved": "2022-05-12T00:00:00.000Z",
    "dateUpdated": "2024-08-03T00:10:03.810Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}