Lucene search
CVE-2021-24132
The Slider by 10Web WordPress plugin, versions before 1.2.36, allows SQL Injection attacks
Show more
| Reporter | Title | Published | Views | Family All 6 |
|---|---|---|---|---|
 | CVE-2021-24132 Slider by 10Web < 1.2.36 - Multiple Authenticated SQL Injection | 18 Mar 202114:57 | – | cvelist |
 | Sql injection | 18 Mar 202115:15 | – | prion |
 | Slider by 10Web < 1.2.36 - Multiple Authenticated SQL Injection | 29 Sep 202000:00 | – | wpvulndb |
 | CVE-2021-24132 | 18 Mar 202115:15 | – | nvd |
 | Slider by 10Web < 1.2.36 - Multiple Authenticated SQL Injection | 29 Sep 202000:00 | – | wpexploit |
 | Wordpress Slider by 10Web SQL Injection Vulnerability | 19 Mar 202100:00 | – | cnvd |
[
{
"product": "Slider by 10Web",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.2.36",
"status": "affected",
"version": "1.2.36",
"versionType": "custom"
}
]
}
]| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| check[] | request body | /wp-admin/admin.php?page=sliders_wds | The bulk_action functionality is vulnerable to SQL Injection due to improper handling of user input in the check[] parameter. | CWE-89 |
| slider_ids_string | query param | /admin/models/WDSModelWDSExport.php | The export_full functionality is vulnerable to SQL Injection when the slider_ids_string is manipulated to include SQL commands. | CWE-89 |
| del_slide_ids_string | query param | /admin/controllers/Sliders.php | The save_slider_db functionality is vulnerable to SQL Injection when the del_slide_ids_string is manipulated to include SQL commands. | CWE-89 |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo18 Mar 2021 15:15Current
8.8High risk
Vulners AI Score8.8
CVSS26.5
CVSS38.8
EPSS0.00501