Vulnerabilities > CVE-2022-1686 - Unspecified vulnerability in Five Minute Webshop Project Five Minute Webshop 1.3.2

CVSS 2.7 - LOW

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

five-minute-webshop-project

NVD

Published: 2022-06-08

Updated: 2024-11-21

Summary

The Five Minute Webshop WordPress plugin through 1.3.2 does not sanitise and escape the id parameter before using it in a SQL statement when editing a product via the admin dashboard, leading to an SQL Injection

Vulnerable Configurations

Part	Description	Count
Application	Five_Minute_Webshop_Project Five Minute Webshop Project Five Minute Webshop 1.3.2	1

References

https://bulletin.iese.de/post/five-minute-webshop_1-3-2_2
https://bulletin.iese.de/post/five-minute-webshop_1-3-2_2
https://wpscan.com/vulnerability/1a5ce0dd-6847-42e7-8d88-3b63053fab71
https://wpscan.com/vulnerability/1a5ce0dd-6847-42e7-8d88-3b63053fab71