CVE Vulnerability

CVE-2022-1684

The Cube Slider WordPress plugin through 1.2 does not sanitise and escape the idslider parameter before using it in various SQL queries, leading to SQL Injections exploitable by high privileged users such as admin

4 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

2.7 /10

CVSS v3.0 : LOW

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://bulletin.iese.de/post/cube-slider_1-2 Exploit Third Party Advisory
https://wpscan.com/vulnerability/db7fb815-945a-41c7-8932-834cc646a806 Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:webpsilon:cube_slider:*:*:*:*:*:wordpress:*:*
Information

Published : 2022-06-08 10:15

Updated : 2022-06-15 04:25

NVD link : CVE-2022-1684

Mitre link : CVE-2022-1684

Products Affected
No products.
CWE
CWE-89