CVE-2022-1683

EUVD-2022-24968
The amtyThumb WordPress plugin through 4.2.0 does not sanitise and escape a parameter before using it in a SQL statement via its shortcode, leading to an SQL injection and is exploitable by any authenticated user (and not just Author+ like the original advisory mention) due to the fact that they can execute shortcodes via an AJAX action
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 65%
Affected Products (NVD)
VendorProductVersion
amtythumb_projectamtythumb
𝑥
≤ 4.2.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://bulletin.iese.de/post/amtythumb_4-2-0
https://wpscan.com/vulnerability/359d145b-c365-4e7c-a12e-c26b7b8617ce
https://bulletin.iese.de/post/amtythumb_4-2-0
https://wpscan.com/vulnerability/359d145b-c365-4e7c-a12e-c26b7b8617ce