Vulnerability Description
The Five Minute Webshop WordPress plugin through 1.3.2 does not properly validate and sanitise the orderby parameter before using it in a SQL statement via the Manage Products admin page, leading to an SQL injection.
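An ORDER BY column cannot be bound through a prepared-statement placeholder, so the usual mitigation for this class of bug is an allowlist. The following is an added example, not the plugin's code: the function name, table name and column names are hypothetical, since the plugin's schema is not shown on this page.

```php
<?php
// Added example, not the plugin's code. The table and column names are
// hypothetical; the real plugin's schema is not shown on this page.

/**
 * Build an ORDER BY clause from request parameters using an allowlist.
 * Placeholders cannot bind identifiers or keywords, so the request value is
 * never copied into the SQL: it only selects one of the fixed strings below.
 */
function example_products_order_clause(array $request): string
{
    // Request value => literal column name written by the developer.
    $columns = [
        'id'    => 'id',
        'title' => 'title',
        'price' => 'price',
    ];

    $orderby = $request['orderby'] ?? '';
    $order   = $request['order'] ?? '';

    // Non-string input (orderby[]=x) and unknown keys fall back to the default.
    $column = (is_string($orderby) && isset($columns[$orderby]))
        ? $columns[$orderby]
        : 'id';

    // The direction is restricted to the two SQL keywords.
    $direction = (is_string($order) && strtoupper($order) === 'DESC') ? 'DESC' : 'ASC';

    return "ORDER BY {$column} {$direction}";
}

// Constructed sample requests.
$samples = [
    ['orderby' => 'price', 'order' => 'desc'],  // allowlisted column and direction
    ['orderby' => 'price, (SELECT 1)'],         // not an allowlisted key
    ['orderby' => ['price']],                   // array instead of string
    [],                                         // parameters absent
];

foreach ($samples as $request) {
    // In WordPress the clause would be appended to a query whose data values
    // are bound with $wpdb->prepare(); the clause itself holds no user input.
    echo 'SELECT id, title, price FROM example_products '
        . example_products_order_clause($request), PHP_EOL;
}
```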
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Five Minute Webshop Project | Five Minute Webshop | <= 1.3.2 |
Related Weaknesses (CWE)
References
- https://bulletin.iese.de/post/five-minute-webshop_1-3-2_1 (Exploit, Third Party Advisory)
- https://wpscan.com/vulnerability/86bd28d5-6767-4bca-ab59-710c1c4ecd97 (Exploit, Third Party Advisory)
FAQ
What is CVE-2022-1685?
CVE-2022-1685 is a vulnerability with a CVSS score of 4.9 (MEDIUM). The Five Minute Webshop WordPress plugin through 1.3.2 does not properly validate and sanitise the orderby parameter before using it in a SQL statement via the Manage Products admin page, leading to a...
How severe is CVE-2022-1685?
CVE-2022-1685 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-1685?
Check the references section above for vendor advisories and patch information. Affected products include: Five Minute Webshop Project Five Minute Webshop.