Vulnerabilities > CVE-2021-24398 - Unspecified vulnerability in Webpsilon Responsive 3D Slider 1.2

CVSS 7.2 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

webpsilon

NVD

Published: 2021-09-20

Updated: 2024-11-21

Summary

The Add new scene functionality in the Responsive 3D Slider WordPress plugin through 1.2 uses an id parameter which is not sanitised, escaped or validated before being inserted to a SQL statement, leading to SQL injection. This is a time based SQLI and in the same function vulnerable parameter is passed twice so if we pass time as 5 seconds it takes 10 seconds to return since the query is ran twice.

Vulnerable Configurations

Part	Description	Count
Application	Webpsilon Webpsilon Responsive 3D Slider - Webpsilon Responsive 3D Slider 1.2	2

References

https://codevigilant.com/disclosure/2021/wp-plugin-morpheus-slider/
https://codevigilant.com/disclosure/2021/wp-plugin-morpheus-slider/
https://wpscan.com/vulnerability/e6fb2256-0214-4891-b4b7-e4371a1599a5
https://wpscan.com/vulnerability/e6fb2256-0214-4891-b4b7-e4371a1599a5