CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-1685

The Five Minute Webshop WordPress plugin through 1.3.2 does not properly validate and sanitise the orderby parameter before using it in a SQL statement via the Manage Products admin page, leading to an SQL Injection

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 46.4%

CVSS Severity

CVSS v3 Score 4.9

CVSS v2 Score 4.0

References

https://bulletin.iese.de/post/five-minute-webshop_1-3-2_1
https://wpscan.com/vulnerability/86bd28d5-6767-4bca-ab59-710c1c4ecd97
https://bulletin.iese.de/post/five-minute-webshop_1-3-2_1
https://wpscan.com/vulnerability/86bd28d5-6767-4bca-ab59-710c1c4ecd97

Products affected by CVE-2022-1685

Five Minute Webshop Project » Five Minute Webshop » Version: 1.3.2

cpe:2.3:a:five_minute_webshop_project:five_minute_webshop:1.3.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-1685

Products

Pricing

Contact Us