CVE-2021-24398
N/A
N/A
Summary
The Add new scene functionality in the Responsive 3D Slider WordPress plugin through 1.2 uses an id parameter which is not sanitised, escaped or validated before being inserted to a SQL statement, leading to SQL injection. This is a time based SQLI and in the same function vulnerable parameter is passed twice so if we pass time as 5 seconds it takes 10 seconds to return since the query is ran twice.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | RESPONSIVE 3D SLIDER | 1.2 <= 1.2 | affected |
Weaknesses
- CWE-89: CWE-89 SQL Injection
ADP Enrichment
CVE Program Container
Additional References
- https://wpscan.com/vulnerability/e6fb2256-0214-4891-b4b7-e4371a1599a5
- https://codevigilant.com/disclosure/2021/wp-plugin-morpheus-slider/
References
- https://wpscan.com/vulnerability/e6fb2256-0214-4891-b4b7-e4371a1599a5
- https://codevigilant.com/disclosure/2021/wp-plugin-morpheus-slider/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.