Search criteria
1 vulnerability by visual_slide_box_builder_project
CVE-2022-1182 (GCVE-0-2022-1182)
Vulnerability from cvelistv5 – Published: 2022-05-16 14:30 – Updated: 2024-08-02 23:55
VLAI
Title
Visual Slide Box Builder <= 3.2.9 - Subscriber+ SQLi
Summary
The Visual Slide Box Builder WordPress plugin through 3.2.9 does not sanitise and escape various parameters before using them in SQL statements via some of its AJAX actions available to any authenticated users (such as subscriber), leading to SQL Injections
Severity
No CVSS data available.
CWE
- CWE-89 - SQL Injection
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/01d108bb-d134-46… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Visual Slide Box Builder |
Affected:
3.2.9 , ≤ 3.2.9
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.319Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/01d108bb-d134-4651-9c74-babcc88da177"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Visual Slide Box Builder",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "3.2.9",
"status": "affected",
"version": "3.2.9",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "p7e4"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Visual Slide Box Builder WordPress plugin through 3.2.9 does not sanitise and escape various parameters before using them in SQL statements via some of its AJAX actions available to any authenticated users (such as subscriber), leading to SQL Injections"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-16T14:30:39.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/01d108bb-d134-4651-9c74-babcc88da177"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Visual Slide Box Builder \u003c= 3.2.9 - Subscriber+ SQLi",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1182",
"STATE": "PUBLIC",
"TITLE": "Visual Slide Box Builder \u003c= 3.2.9 - Subscriber+ SQLi"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Visual Slide Box Builder",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.2.9",
"version_value": "3.2.9"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "p7e4"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Visual Slide Box Builder WordPress plugin through 3.2.9 does not sanitise and escape various parameters before using them in SQL statements via some of its AJAX actions available to any authenticated users (such as subscriber), leading to SQL Injections"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/01d108bb-d134-4651-9c74-babcc88da177",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/01d108bb-d134-4651-9c74-babcc88da177"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1182",
"datePublished": "2022-05-16T14:30:39.000Z",
"dateReserved": "2022-03-30T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:55:24.319Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}