Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 06/07/2010 Updated: 17/08/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Multiple SQL injection vulnerabilities in TornadoStore 1.4.3 and previous versions allow remote malicious users to execute arbitrary SQL commands via (1) the marca parameter to precios.php3 or (2) the where parameter in a delivery_courier action to control/abm_list.php3.

Vulnerable Product	Search on Vulmon	Subscribe to Product
tornadostore tornadostore

source: wwwsecurityfocuscom/bid/41233/info TornadoStore is prone to an SQL-injection vulnerability and an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input An attacker may leverage these issues to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlyi ...

CWE-89 http://www.bonsai-sec.com/en/research/vulnerabilities/tornadostore-multiple-sql-injection-0106.php http://www.securityfocus.com/bid/41233 https://exchange.xforce.ibmcloud.com/vulnerabilities/59950 https://nvd.nist.gov https://www.exploit-db.com/exploits/34225/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2010-1327

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect