CVE-2018-5374 – Dbox 3D Slider Lite <= 1.2.2 - SQL Injection

https://notcve.org/view.php?id=CVE-2018-5374

The Dbox 3D Slider Lite plugin through 1.2.2 for WordPress has SQL Injection via settings\sliders.php (current_slider_id parameter). El plugin Dbox 3D Slider Lite hasta la versión 1.2.2 para WordPress tiene inyección SQL mediante settings\sliders.php (parámetro current_slider_id). • http://www.defensecode.com/advisories/DC-2017-01-003_WordPress_Dbox_3D_Slider_Lite_Plugin_Advisory.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •