Published: 21/01/2014 Updated: 14/02/2024

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 760

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Multiple SQL injection vulnerabilities in UAEPD Shopping Cart Script allow remote malicious users to execute arbitrary SQL commands via the (1) cat_id or (2) p_id parameter to products.php or id parameter to (3) page.php or (4) news.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
uaepd shopping cart script -

source: wwwsecurityfocuscom/bid/64734/info UAEPD Shopping Cart Script is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before using it in an SQL query An attacker can exploit these issues by manipulating the SQL query logic to carry out unauthorized actions on the underlyin ...

source: wwwsecurityfocuscom/bid/64734/info UAEPD Shopping Cart Script is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before using it in an SQL query An attacker can exploit these issues by manipulating the SQL query logic to carry out unauthorized actions on the underly ...

CWE-89 http://osvdb.org/101899 http://www.securityfocus.com/bid/64734 http://osvdb.org/101900 http://packetstormsecurity.com/files/124723/uaepdshopping-sql.txt http://secunia.com/advisories/56351 http://www.iphobos.com/blog/2014/01/04/uaepd-script-multiple-sql-injection-vulnerabilty http://osvdb.org/101859 https://exchange.xforce.ibmcloud.com/vulnerabilities/90214 https://nvd.nist.gov https://www.exploit-db.com/exploits/39011/

CVE-2014-1618

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect