CVE-2021-24398

CVE-2021-24398: Responsive 3D Slider <= 1.2 - Authenticated SQL Injection

Vendor Unknown

Product RESPONSIVE 3D SLIDER

Weakness CWE-89 · SQLi

Published September 20, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Add new scene functionality in the Responsive 3D Slider WordPress plugin through 1.2 uses an id parameter which is not sanitised, escaped or validated before being inserted to a SQL statement, leading to SQL injection. This is a time based SQLI and in the same function vulnerable parameter is passed twice so if we pass time as 5 seconds it takes 10 seconds to return since the query is ran twice.

Key dates

02Disclosure timeline

September 20, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24398 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

04Related CVE

CVE-2025-27103 Dataease Mysql JDBC Connection Parameters Not Being Verified Leads to Arbitrary File Read Vulnerability CVE-2024-49588 Multiple authenticated SQL injections in oracle-sidecar CVE-2021-24483 Poll Maker < 3.2.1 - Authenticated Blind SQL Injections CVE-2022-2676 SourceCodester Electronic Medical Records System POST Request sql injection CVE-2024-12926 Codezips Project Management System advanced.php sql injection