CVE-2022-1686

CVE-2022-1686: Five Minute Webshop <= 1.3.2 - Admin+ SQLi via id

Vendor Unknown

Product Five Minute Webshop

Weakness CWE-89 · SQLi

Published June 6, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Five Minute Webshop WordPress plugin through 1.3.2 does not sanitise and escape the id parameter before using it in a SQL statement when editing a product via the admin dashboard, leading to an SQL Injection

Key dates

02Disclosure timeline

June 6, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-1686 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

04Related CVE

CVE-2023-38724 IBM Cognos Controller SQL injection CVE-2024-35678 WordPress Contact Form to DB by BestWebSoft plugin <= 1.7.2 - SQL Injection vulnerability CVE-2025-12932 SourceCodester Baby Care System admin.php sql injection CVE-2026-9003 TONNET｜E-LAN Hybrid Recording System - SQL Injection CVE-2023-5430 Jquery news ticker <= 3.0 - Authenticated (Subscriber+) SQL Injection via Shortcode