The Logo Slider WordPress plugin through 1.4.8 does not sanitise and escape the lsp_slider_id parameter before using it in a SQL statement via the Manage Slider Images admin page, leading to an SQL Injection
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published:

Updated: 2024-08-03T00:10:03.810Z

Reserved: 2022-05-12T00:00:00

Link: CVE-2022-1687

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-06-08T10:15:10.337

Modified: 2024-11-21T06:41:15.303

Link: CVE-2022-1687

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.