RSS   Vulnerabilities for 'Five minute webshop'   RSS

2022-06-08
 
CVE-2022-1685

CWE-89
 

 
The Five Minute Webshop WordPress plugin through 1.3.2 does not properly validate and sanitise the orderby parameter before using it in a SQL statement via the Manage Products admin page, leading to an SQL Injection

 
 
CVE-2022-1686

CWE-89
 

 
The Five Minute Webshop WordPress plugin through 1.3.2 does not sanitise and escape the id parameter before using it in a SQL statement when editing a product via the admin dashboard, leading to an SQL Injection

 


Copyright 2024, cxsecurity.com

 

Back to Top