CVE-2014-5140

Published: 03/01/2020 Updated: 14/01/2020
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 655
CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

The bindReplace function in the query factory in includes/classes/database.php in Loaded Commerce 7 does not properly handle : (colon) characters, which allows remote authenticated users to conduct SQL injection attacks via the First name and Last name fields in the address book.

Vulnerable Product

loadedcommerce loaded7

Exploits

Title: LoadedCommerce7 Systemic Query Factory Vulnerability
Advisory: breakingtechnology/advisories/CVE-2014-5140txt
Credits: Discovered by Breaking Technology Research Labs, 2014-06-30
Reference: CVE-2014-5140 - Assigned 31 June 2014
Timeline: Vendor notified - 29 July 2014; Vendor confirmed exploit - 30 July ...
Loaded Commerce 7 shopping cart/online store suffers from a systemic vulnerability in its query factory, allowing attackers to circumvent user input sanitizing to perform remote SQL injection ...