CVE-2021-24557

Summary

The update functionality in the rslider_page uses an rs_id POST parameter which is not validated, sanitised or escaped before being inserted in sql query, therefore leading to SQL injection for users having Administrator role.

Affected Software

VendorProductVersion RangeStatus
UnknownM-vSlider2.1.3 <= 2.1.3affected

Weaknesses

  • CWE-89: CWE-89 SQL Injection

ADP Enrichment

CVE Program Container

Additional References

References