Published: 03/12/2014 Updated: 05/12/2014

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 760

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

SQL injection vulnerability in Proticaret E-Commerce 3.0 allows remote malicious users to execute arbitrary SQL commands via a tem:Code element in a SOAP request.

Vulnerable Product	Search on Vulmon	Subscribe to Product
proticaret proticaret 3.0

Document Title: ============ Proticaret E-Commerce Script v30 >= SQL Injection Release Date: =========== 13 Nov 2014 Product & Service Introduction: ======================== Proticaret is a free e-commerce script Abstract Advisory Information: ======================= BGA Security Team discovered an SQL injection vulnerability in Protica ...

CWE-89 http://packetstormsecurity.com/files/129129/Proticaret-E-Commerce-Script-3.0-SQL-Injection.html http://seclists.org/fulldisclosure/2014/Nov/43 https://nvd.nist.gov https://www.exploit-db.com/exploits/35219/

CVE-2014-9237

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect