Security Advisory

CVE-2021-24398

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-09-20 10:06:02

Last updated 2024-08-03 19:28:23

Assigner WPScan

State PUBLISHED

Description

The Add new scene functionality in the Responsive 3D Slider WordPress plugin through 1.2 uses an id parameter which is not sanitised, escaped or validated before being inserted to a SQL statement, leading to SQL injection. This is a time based SQLI and in the same function vulnerable parameter is passed twice so if we pass time as 5 seconds it takes 10 seconds to return since the query is ran twice.

← Browse all CVEs View on cve.org ↗