CVE-2022-1685

CVE-2022-1685: Five Minute Webshop <= 1.3.2 - Admin+ SQLi via orderby

Vendor Unknown

Product Five Minute Webshop

Weakness CWE-89 · SQLi

Published June 6, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Five Minute Webshop WordPress plugin through 1.3.2 does not properly validate and sanitise the orderby parameter before using it in a SQL statement via the Manage Products admin page, leading to an SQL Injection

Key dates

02Disclosure timeline

June 6, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-1685 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

04Related CVE

CVE-2024-11135 Eventer <= 3.9.8 - Unauthenticated SQL Injection via eventer_get_attendees CVE-2025-4861 PHPGurukul Beauty Parlour Management System admin-profile.php sql injection CVE-2026-27149 Discourse has SQL injection in PM tag filtering CVE-2023-3473 Campcodes Retro Cellphone Online Store edit_product.php sql injection CVE-2025-30525 WordPress WP Profitshare plugin <= 1.4.9 - SQL Injection vulnerability