Unrated severityNVD Advisory· Published Sep 20, 2021· Updated Aug 3, 2024
Responsive 3D Slider <= 1.2 - Authenticated SQL Injection
CVE-2021-24398
Description
The Add new scene functionality in the Responsive 3D Slider WordPress plugin through 1.2 uses an id parameter which is not sanitised, escaped or validated before being inserted to a SQL statement, leading to SQL injection. This is a time based SQLI and in the same function vulnerable parameter is passed twice so if we pass time as 5 seconds it takes 10 seconds to return since the query is ran twice.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Responsive 3D Sliderdescription
- Range: <=1.2
Patches
Vulnerability mechanics
References
2- codevigilant.com/disclosure/2021/wp-plugin-morpheus-slider/mitrex_refsource_MISC
- wpscan.com/vulnerability/e6fb2256-0214-4891-b4b7-e4371a1599a5mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.