momo Security Vulnerability Database

Multi-module data retrieval platform


CVE-2022-1692: CP Image Store with Slideshow <= 1.0.67 - SQL Injection

CVE: CVE-2022-1692
CNVD: None
CNNVD: None
Vulnerability type: SQL injection
Severity: Critical
Year: 2026
POC_ID: None
Vulnerability description
The CP Image Store with Slideshow WordPress plugin before 1.0.68 does not sanitise and escape the ordering_by query parameter before using it in a SQL statement in pages where the [codepeople-image-store] shortcode is embedded, allowing unauthenticated users to perform an SQL injection attack. [Public]

id: CVE-2022-1692
name: CP Image Store with Slideshow <= 1.0.67 - SQL Injection
author: Shivam Kamboj
severity: critical
impact: Unauthenticated attackers can execute arbitrary SQL commands, potentially leading to data theft, data tampering, or full database compromise.
remediation: Update to version 1.0.68 or later.
reference:
- https://wpscan.com/vulnerability/83bae80c-f583-4d89-8282-e6384bbc7571/
- https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/cp-image-store/cp-image-store-with-slideshow-1067-unauthenticated-sql-injection
- https://nvd.nist.gov/vuln/detail/CVE-2022-169
FOFA query
None
Affected scope
CP Image Store with Slideshow
Vulnerability details
POC: Public
Vulnerability PoC
The vulnerability PoC is viewable after login.
Remediation advice
None