amtyThumb <= 4.2.0 - Subscriber+ SQLi
CVE-2022-1683

8.8HIGH

Key Information:

Vendor: Wordpress
Status: Amtythumb
Vendor: CVE Published:; 8 June 2022

Summary

The amtyThumb WordPress plugin through 4.2.0 does not sanitise and escape a parameter before using it in a SQL statement via its shortcode, leading to an SQL injection and is exploitable by any authenticated user (and not just Author+ like the original advisory mention) due to the fact that they can execute shortcodes via an AJAX action

Affected Version(s)

amtyThumb 4.2.0

References

https://wpscan.com/vulnerability/359d145b-c365-4e7c-a12e-...

x_refsource_MISC

https://bulletin.iese.de/post/amtythumb_4-2-0

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 8, 2022
Vulnerability Reserved
May 12, 2022

Credit

Daniel Krohmer (Fraunhofer IESE)

Shi Chen (University of Kaiserslautern)