Lucene search
+L

4 matches found

redhatcve
redhatcve
added 2025/05/22 11:31 p.m.7 views

CVE-2022-1692

The CP Image Store with Slideshow WordPress plugin before 1.0.68 does not sanitise and escape the orderingby query parameter before using it in a SQL statement in pages where the codepeople-image-store is embed, allowing unauthenticated users to perform an SQL injection attack...

9.8CVSS8AI score0.1036EPSS
Exploits2References1
attackerkb
attackerkb
added 2022/06/08 10:15 a.m.5 views

CVE-2022-1692

The CP Image Store with Slideshow WordPress plugin before 1.0.68 does not sanitise and escape the orderingby query parameter before using it in a SQL statement in pages where the codepeople-image-store is embed, allowing unauthenticated users to perform an SQL injection attack...

9.8CVSS7.4AI score0.1036EPSS
Exploits2References3
osv
osv
added 2022/06/08 10:15 a.m.6 views

CVE-2022-1692

The CP Image Store with Slideshow WordPress plugin before 1.0.68 does not sanitise and escape the orderingby query parameter before using it in a SQL statement in pages where the codepeople-image-store is embed, allowing unauthenticated users to perform an SQL injection attack...

9.8CVSS7.3AI score0.1036EPSS
Exploits2References2
wpvulndb
wpvulndb
added 2022/05/09 12:0 a.m.22 views

CP Image Store with Slideshow < 1.0.68 - Unauthenticated SQLi

The plugin does not sanitise and escape the orderingby query parameter before using it in a SQL statement in pages where the codepeople-image-store is embed, allowing unauthenticated users to perform an SQL injection attack PoC On a page where the codepeople-image-store is embed, append the...

9.8CVSS0.9AI score0.1036EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder