Vulnerabilities > CVE-2022-1685 - Unspecified vulnerability in Five Minute Webshop Project Five Minute Webshop 1.3.2

CVSS 4.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

five-minute-webshop-project

NVD

Published: 2022-06-08

Updated: 2024-11-21

Summary

The Five Minute Webshop WordPress plugin through 1.3.2 does not properly validate and sanitise the orderby parameter before using it in a SQL statement via the Manage Products admin page, leading to an SQL Injection

Vulnerable Configurations

Part	Description	Count
Application	Five_Minute_Webshop_Project Five Minute Webshop Project Five Minute Webshop 1.3.2	1

References

https://bulletin.iese.de/post/five-minute-webshop_1-3-2_1
https://bulletin.iese.de/post/five-minute-webshop_1-3-2_1
https://wpscan.com/vulnerability/86bd28d5-6767-4bca-ab59-710c1c4ecd97
https://wpscan.com/vulnerability/86bd28d5-6767-4bca-ab59-710c1c4ecd97