CVE-2021-24557

CVE-2021-24557: M-vSlider <= 2.1.3 - Authenticated (admin+) SQL Injection

Vendor Unknown

Product M-vSlider

Weakness CWE-89 · SQLi

Published August 23, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The update functionality in the rslider_page uses an rs_id POST parameter which is not validated, sanitised or escaped before being inserted in sql query, therefore leading to SQL injection for users having Administrator role.

Key dates

02Disclosure timeline

August 23, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24557

Related vulnerabilities

04Related CVE

CVE-2024-30488 WordPress Zotpress plugin <= 7.3.7 - SQL Injection vulnerability CVE-2023-50718 NocoDB SQL Injection vulnerability CVE-2026-5207 LifterLMS <= 9.2.1 - Authenticated (Custom+) SQL Injection via 'order' Parameter CVE-2024-12230 PHPGurukul Complaint Management System subcategory.php sql injection CVE-2024-5775 SourceCodester Vehicle Management System updatebill.php sql injection