This vulnerability in LambertGroup UberSlider (versions prior to 2.6) allows SQL Injection due to improper neutralization of special elements in SQL commands. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L) indicates that an attacker can exploit this remotely over the network with low complexity and low privileges, without user interaction. The impact includes high confidentiality compromise and low availability impact. The vulnerability is publicly disclosed but lacks vendor patch or advisory details at this time.

Successful exploitation could allow an attacker to access sensitive data (high confidentiality impact) from the database without altering data integrity. The attack requires low privileges but no user interaction. Availability impact is low, potentially causing minor service disruption. No known active exploitation has been reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, consider restricting access to the vulnerable plugin and monitoring for suspicious activity related to SQL injection attempts. Avoid exposing the vulnerable component to untrusted networks where possible.